add example and update docs

Author: christineschen

docs/data-sources/stream_privatelink_endpoint.md

@@ -294,26 +294,20 @@ output "service_attachment_uris" {
 
 ### Azure Blob Storage Privatelink
 ```terraform
-resource "mongodbatlas_stream_privatelink_endpoint" "azure_blob" {
-  project_id          = var.project_id
-  provider_name       = "AZURE"
-  vendor              = "AZURE_BLOB_STORAGE"
-  region              = var.azure_region
-  service_endpoint_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.azure_storage_account_name}"
-  dns_domain          = "${var.azure_storage_account_name}.blob.core.windows.net"
-}
-
-data "mongodbatlas_stream_privatelink_endpoint" "azure_blob" {
-  project_id = var.project_id
-  id         = mongodbatlas_stream_privatelink_endpoint.azure_blob.id
+resource "mongodbatlas_stream_privatelink_endpoint" "this" {
+  project_id    = var.project_id
+  vendor        = "AZURE_BLOB_STORAGE"
+  provider_name = "AZURE"
+  region        = var.atlas_region
+  # dns_domain follows the format '{storageAccount}.blob.core.windows.net'
+  dns_domain = "${var.storage_account_name}.blob.core.windows.net"
+  # service_endpoint_id follows the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}'
+  service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
+  depends_on          = [azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {
-  value = mongodbatlas_stream_privatelink_endpoint.azure_blob.id
-}
-
-output "privatelink_endpoint_state" {
-  value = data.mongodbatlas_stream_privatelink_endpoint.azure_blob.state
+  value = mongodbatlas_stream_privatelink_endpoint.this.id
 }
 ```
 
@@ -329,7 +323,7 @@ output "privatelink_endpoint_state" {
 
 - `arn` (String) Amazon Resource Name (ARN). Required for AWS Provider and MSK vendor.
 - `dns_domain` (String) The domain hostname. Required for the following provider and vendor combinations:
-				
+
 	* AWS provider with CONFLUENT vendor.
 
 	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format '{storageAccount}.blob.core.windows.net'.

docs/data-sources/stream_privatelink_endpoints.md

@@ -294,21 +294,20 @@ output "service_attachment_uris" {
 
 ### Azure Blob Storage Privatelink
 ```terraform
-resource "mongodbatlas_stream_privatelink_endpoint" "azure_blob" {
-  project_id          = var.project_id
-  provider_name       = "AZURE"
-  vendor              = "AZURE_BLOB_STORAGE"
-  region              = var.azure_region
-  service_endpoint_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.azure_storage_account_name}"
-  dns_domain          = "${var.azure_storage_account_name}.blob.core.windows.net"
-}
-
-data "mongodbatlas_stream_privatelink_endpoints" "all" {
-  project_id = var.project_id
+resource "mongodbatlas_stream_privatelink_endpoint" "this" {
+  project_id    = var.project_id
+  vendor        = "AZURE_BLOB_STORAGE"
+  provider_name = "AZURE"
+  region        = var.atlas_region
+  # dns_domain follows the format '{storageAccount}.blob.core.windows.net'
+  dns_domain = "${var.storage_account_name}.blob.core.windows.net"
+  # service_endpoint_id follows the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}'
+  service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
+  depends_on          = [azurerm_private_endpoint.blob_endpoint]
 }
 
-output "all_privatelink_endpoints" {
-  value = data.mongodbatlas_stream_privatelink_endpoints.all.results[*].id
+output "privatelink_endpoint_id" {
+  value = mongodbatlas_stream_privatelink_endpoint.this.id
 }
 ```
 
@@ -330,7 +329,7 @@ Read-Only:
 
 - `arn` (String) Amazon Resource Name (ARN). Required for AWS Provider and MSK vendor.
 - `dns_domain` (String) The domain hostname. Required for the following provider and vendor combinations:
-				
+
 	* AWS provider with CONFLUENT vendor.
 
 	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format '{storageAccount}.blob.core.windows.net'.

docs/resources/stream_privatelink_endpoint.md

@@ -294,30 +294,20 @@ output "service_attachment_uris" {
 
 ### Azure Blob Storage Privatelink
 ```terraform
-resource "mongodbatlas_stream_privatelink_endpoint" "azure_blob" {
-  project_id          = var.project_id
-  provider_name       = "AZURE"
-  vendor              = "AZURE_BLOB_STORAGE"
-  region              = var.azure_region
-  service_endpoint_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.azure_storage_account_name}"
-  dns_domain          = "${var.azure_storage_account_name}.blob.core.windows.net"
-}
-
-data "mongodbatlas_stream_privatelink_endpoint" "azure_blob" {
-  project_id = var.project_id
-  id         = mongodbatlas_stream_privatelink_endpoint.azure_blob.id
-}
-
-data "mongodbatlas_stream_privatelink_endpoints" "all" {
-  project_id = var.project_id
+resource "mongodbatlas_stream_privatelink_endpoint" "this" {
+  project_id    = var.project_id
+  vendor        = "AZURE_BLOB_STORAGE"
+  provider_name = "AZURE"
+  region        = var.atlas_region
+  # dns_domain follows the format '{storageAccount}.blob.core.windows.net'
+  dns_domain = "${var.storage_account_name}.blob.core.windows.net"
+  # service_endpoint_id follows the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}'
+  service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
+  depends_on          = [azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {
-  value = mongodbatlas_stream_privatelink_endpoint.azure_blob.id
-}
-
-output "privatelink_endpoint_state" {
-  value = data.mongodbatlas_stream_privatelink_endpoint.azure_blob.state
+  value = mongodbatlas_stream_privatelink_endpoint.this.id
 }
 ```
 
@@ -328,6 +318,7 @@ output "privatelink_endpoint_state" {
 - [AWS S3 PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.9.0/examples/mongodbatlas_stream_privatelink_endpoint/s3)
 - [GCP Confluent PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.9.0/examples/mongodbatlas_stream_privatelink_endpoint/gcp_confluent)
 - [Azure PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.9.0/examples/mongodbatlas_stream_privatelink_endpoint/azure)
+- [Azure Blob Storage PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.9.0/examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage)
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -348,7 +339,7 @@ output "privatelink_endpoint_state" {
 
 - `arn` (String) Amazon Resource Name (ARN). Required for AWS Provider and MSK vendor.
 - `dns_domain` (String) The domain hostname. Required for the following provider and vendor combinations:
-				
+
 	* AWS provider with CONFLUENT vendor.
 
 	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format '{storageAccount}.blob.core.windows.net'.

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/azure.tf

@@ -0,0 +1,63 @@
+resource "azurerm_resource_group" "rg" {
+  name     = var.azure_resource_group
+  location = var.azure_region
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  name                = var.vnet_name
+  address_space       = var.vnet_address_space
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_subnet" "subnet" {
+  name                 = var.subnet_name
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = var.subnet_address_prefix
+}
+
+resource "azurerm_storage_account" "storage" {
+  name                     = var.storage_account_name
+  resource_group_name      = azurerm_resource_group.rg.name
+  location                 = azurerm_resource_group.rg.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+  # Disable public access so all traffic goes through the private endpoint
+  public_network_access_enabled = false
+}
+
+resource "azurerm_private_dns_zone" "dns_zone" {
+  name                = "privatelink.blob.core.windows.net"
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dns_zone_link" {
+  name                  = "${var.vnet_name}-dns-link"
+  resource_group_name   = azurerm_resource_group.rg.name
+  private_dns_zone_name = azurerm_private_dns_zone.dns_zone.name
+  virtual_network_id    = azurerm_virtual_network.vnet.id
+}
+
+resource "azurerm_private_endpoint" "blob_endpoint" {
+  name                = "pe-${var.storage_account_name}"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  subnet_id           = azurerm_subnet.subnet.id
+
+  private_service_connection {
+    name                           = "psc-${var.storage_account_name}"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_storage_account.storage.id
+    subresource_names              = ["blob"]
+  }
+
+  private_dns_zone_group {
+    name                 = "default-dns-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dns_zone.id]
+  }
+
+  depends_on = [azurerm_private_dns_zone_virtual_network_link.dns_zone_link]
+}
+
+data "azurerm_client_config" "current" {}

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/main.tf

@@ -0,0 +1,15 @@
+resource "mongodbatlas_stream_privatelink_endpoint" "this" {
+  project_id    = var.project_id
+  vendor        = "AZURE_BLOB_STORAGE"
+  provider_name = "AZURE"
+  region        = var.atlas_region
+  # dns_domain follows the format '{storageAccount}.blob.core.windows.net'
+  dns_domain = "${var.storage_account_name}.blob.core.windows.net"
+  # service_endpoint_id follows the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}'
+  service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
+  depends_on          = [azurerm_private_endpoint.blob_endpoint]
+}
+
+output "privatelink_endpoint_id" {
+  value = mongodbatlas_stream_privatelink_endpoint.this.id
+}

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/providers.tf

@@ -0,0 +1,9 @@
+provider "azurerm" {
+  features {}
+  # assumes Azure CLI login ('az login') or other standard auth
+}
+
+provider "mongodbatlas" {
+  client_id     = var.atlas_client_id
+  client_secret = var.atlas_client_secret
+}

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/variables.tf

@@ -0,0 +1,59 @@
+# Azure variables
+variable "azure_region" {
+  description = "The Azure region where resources will be created."
+  type        = string
+}
+
+variable "azure_resource_group" {
+  description = "Name for the Azure resource group."
+  type        = string
+}
+
+variable "storage_account_name" {
+  description = "Globally unique name for the Azure Storage Account (3-24 lowercase alphanumeric characters)."
+  type        = string
+}
+
+variable "vnet_name" {
+  description = "Name for the Azure Virtual Network."
+  type        = string
+}
+
+variable "subnet_name" {
+  description = "Name for the Azure Subnet that will host the Private Endpoint."
+  type        = string
+}
+
+variable "vnet_address_space" {
+  description = "The address space for the Azure Virtual Network."
+  type        = list(string)
+}
+
+variable "subnet_address_prefix" {
+  description = "The address prefix for the Azure Subnet."
+  type        = list(string)
+}
+
+# MongoDB Atlas variables
+variable "project_id" {
+  description = "The ID of the MongoDB Atlas project."
+  type        = string
+}
+
+variable "atlas_region" {
+  description = "The Atlas region of the Provider's cluster. See [AZURE](https://www.mongodb.com/docs/atlas/reference/microsoft-azure/#stream-processing-instances)"
+  type        = string
+}
+
+variable "atlas_client_id" {
+  description = "MongoDB Atlas Service Account Client ID"
+  type        = string
+  default     = ""
+}
+
+variable "atlas_client_secret" {
+  description = "MongoDB Atlas Service Account Client Secret"
+  type        = string
+  sensitive   = true
+  default     = ""
+}

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/versions.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+  required_version = ">= 1.0"
+}

templates/data-sources/stream_privatelink_endpoint.md.tmpl

@@ -20,6 +20,9 @@ subcategory: "Streams"
 ### GCP Confluent Privatelink
 {{ tffile (printf "examples/%s/gcp_confluent/main.tf" .Name )}}
 
+### Azure Blob Storage Privatelink
+{{ tffile (printf "examples/%s/azure_blob_storage/main.tf" .Name )}}
+
 {{ .SchemaMarkdown | trimspace }}
 
 For more information see: [MongoDB Atlas API - Streams Privatelink](https://www.mongodb.com/docs/api/doc/atlas-admin-api-v2/operation/operation-createprivatelinkconnection) Documentation.

templates/data-sources/stream_privatelink_endpoints.md.tmpl

@@ -20,6 +20,9 @@ subcategory: "Streams"
 ### GCP Confluent Privatelink
 {{ tffile (printf "examples/mongodbatlas_stream_privatelink_endpoint/gcp_confluent/main.tf" )}}
 
+### Azure Blob Storage Privatelink
+{{ tffile (printf "examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/main.tf" )}}
+
 {{ .SchemaMarkdown | trimspace }}
 
 For more information see: [MongoDB Atlas API - Streams Privatelink](https://www.mongodb.com/docs/api/doc/atlas-admin-api-v2/operation/operation-createprivatelinkconnection) Documentation.