require cluster for creating private link connection

Author: christineschen

docs/data-sources/stream_privatelink_endpoint.md

@@ -342,7 +342,27 @@ output "dns_domain" {
 ```
 
 ### Azure Blob Storage Privatelink
+
+~> **NOTE:** An Azure cluster must be provisioned in the same region before creating an Azure Blob Storage private endpoint.
+
 ```terraform
+resource "mongodbatlas_advanced_cluster" "cluster" {
+  project_id   = var.project_id
+  name         = var.cluster_name
+  cluster_type = "REPLICASET"
+  replication_specs = [{
+    region_configs = [{
+      priority      = 7
+      provider_name = "AZURE"
+      region_name   = "US_EAST_2"
+      electable_specs = {
+        instance_size = "M10"
+        node_count    = 3
+      }
+    }]
+  }]
+}
+
 resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   project_id    = var.project_id
   vendor        = "AZURE_BLOB_STORAGE"
@@ -352,7 +372,7 @@ resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   dns_domain = "${var.storage_account_name}.blob.core.windows.net"
   # service_endpoint_id follows the format `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}`
   service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
-  depends_on          = [azurerm_private_endpoint.blob_endpoint]
+  depends_on          = [mongodbatlas_advanced_cluster.cluster, azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {
@@ -375,7 +395,9 @@ output "privatelink_endpoint_id" {
 
 	* AWS provider with CONFLUENT vendor.
 
-	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format `{storageAccount}.blob.core.windows.net`.
+	* AZURE provider with EVENTHUB or CONFLUENT vendor.
+
+	* AZURE provider with AZURE_BLOB_STORAGE vendor. This should follow the format `{storageAccount}.blob.core.windows.net`.
 
 	* For GCP provider with PUBSUB vendor, the API computes this process.
 - `dns_sub_domain` (List of String) Sub-Domain name of Confluent cluster. These are typically your availability zones. Required for AWS Provider and CONFLUENT vendor. If your AWS CONFLUENT cluster doesn't use subdomains, you must set this to the empty array [].

docs/data-sources/stream_privatelink_endpoints.md

@@ -342,7 +342,27 @@ output "dns_domain" {
 ```
 
 ### Azure Blob Storage Privatelink
+
+~> **NOTE:** An Azure cluster must be provisioned in the same region before creating an Azure Blob Storage private endpoint.
+
 ```terraform
+resource "mongodbatlas_advanced_cluster" "cluster" {
+  project_id   = var.project_id
+  name         = var.cluster_name
+  cluster_type = "REPLICASET"
+  replication_specs = [{
+    region_configs = [{
+      priority      = 7
+      provider_name = "AZURE"
+      region_name   = "US_EAST_2"
+      electable_specs = {
+        instance_size = "M10"
+        node_count    = 3
+      }
+    }]
+  }]
+}
+
 resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   project_id    = var.project_id
   vendor        = "AZURE_BLOB_STORAGE"
@@ -352,7 +372,7 @@ resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   dns_domain = "${var.storage_account_name}.blob.core.windows.net"
   # service_endpoint_id follows the format `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}`
   service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
-  depends_on          = [azurerm_private_endpoint.blob_endpoint]
+  depends_on          = [mongodbatlas_advanced_cluster.cluster, azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {
@@ -381,7 +401,9 @@ Read-Only:
 
 	* AWS provider with CONFLUENT vendor.
 
-	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format `{storageAccount}.blob.core.windows.net`.
+	* AZURE provider with EVENTHUB or CONFLUENT vendor.
+
+	* AZURE provider with AZURE_BLOB_STORAGE vendor. This should follow the format `{storageAccount}.blob.core.windows.net`.
 
 	* For GCP provider with PUBSUB vendor, the API computes this process.
 - `dns_sub_domain` (List of String) Sub-Domain name of Confluent cluster. These are typically your availability zones. Required for AWS Provider and CONFLUENT vendor. If your AWS CONFLUENT cluster doesn't use subdomains, you must set this to the empty array [].

docs/resources/stream_connection.md

@@ -210,6 +210,30 @@ resource "mongodbatlas_stream_connection" "example_gcp_pubsub_psc" {
 }
 ```
 
+### Example Azure Blob Storage Connection with Private Link
+
+~> **NOTE:** An Azure cluster must be provisioned in the same region before creating an Azure Blob Storage private endpoint.
+
+```terraform
+resource "mongodbatlas_stream_connection" "example_azure_blob_private_link" {
+    project_id      = var.project_id
+    workspace_name  = mongodbatlas_stream_workspace.example.workspace_name
+    connection_name = "AzureBlobStoragePLConnection"
+    type            = "AzureBlobStorage"
+    azure = {
+      service_principal_id = "<AZURE_SERVICE_PRINCIPAL_ID>"
+      storage_account_name = "<AZURE_STORAGE_ACCOUNT_NAME>"
+      region               = "<AZURE_REGION>"
+    }
+    networking = {
+      access = {
+        type          = "PRIVATE_LINK"
+        connection_id = mongodbatlas_stream_privatelink_endpoint.azure_blob.id
+      }
+    }
+}
+```
+
 ### Example Https Connection
 
 ```terraform

docs/resources/stream_privatelink_endpoint.md

@@ -345,17 +345,37 @@ output "dns_domain" {
 ```
 
 ### Azure Blob Storage Privatelink
+
+~> **NOTE:** An Azure cluster must be provisioned in the same region before creating an Azure Blob Storage private endpoint.
+
 ```terraform
+resource "mongodbatlas_advanced_cluster" "cluster" {
+  project_id   = var.project_id
+  name         = var.cluster_name
+  cluster_type = "REPLICASET"
+  replication_specs = [{
+    region_configs = [{
+      priority      = 7
+      provider_name = "AZURE"
+      region_name   = "US_EAST_2"
+      electable_specs = {
+        instance_size = "M10"
+        node_count    = 3
+      }
+    }]
+  }]
+}
+
 resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   project_id    = var.project_id
   vendor        = "AZURE_BLOB_STORAGE"
   provider_name = "AZURE"
   region        = var.atlas_region
-  # dns_domain follows the format `{storageAccount}.blob.core.windows.net`
+  # dns_domain follows the format '{storageAccount}.blob.core.windows.net'
   dns_domain = "${var.storage_account_name}.blob.core.windows.net"
-  # service_endpoint_id follows the format `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}`
+  # service_endpoint_id follows the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}'
   service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
-  depends_on          = [azurerm_private_endpoint.blob_endpoint]
+  depends_on          = [mongodbatlas_advanced_cluster.cluster, azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {
@@ -371,7 +391,7 @@ output "privatelink_endpoint_id" {
 - [GCP Confluent PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.11.0/examples/mongodbatlas_stream_privatelink_endpoint/gcp_confluent)
 - [GCP Pub/Sub Private Service Connect](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.11.0/examples/mongodbatlas_stream_privatelink_endpoint/gcp_pubsub)
 - [Azure PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.11.0/examples/mongodbatlas_stream_privatelink_endpoint/azure)
-- [Azure Blob Storage PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.10.0/examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage)
+- [Azure Blob Storage PrivateLink](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v2.11.0/examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage)
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -395,7 +415,9 @@ output "privatelink_endpoint_id" {
 
 	* AWS provider with CONFLUENT vendor.
 
-	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format `{storageAccount}.blob.core.windows.net`.
+	* AZURE provider with EVENTHUB or CONFLUENT vendor.
+
+	* AZURE provider with AZURE_BLOB_STORAGE vendor. This should follow the format `{storageAccount}.blob.core.windows.net`.
 
 	* For GCP provider with PUBSUB vendor, the API computes this process.
 - `dns_sub_domain` (List of String) Sub-Domain name of Confluent cluster. These are typically your availability zones. Required for AWS Provider and CONFLUENT vendor. If your AWS CONFLUENT cluster doesn't use subdomains, you must set this to the empty array [].

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/main.tf

@@ -1,3 +1,20 @@
+resource "mongodbatlas_advanced_cluster" "cluster" {
+  project_id   = var.project_id
+  name         = var.cluster_name
+  cluster_type = "REPLICASET"
+  replication_specs = [{
+    region_configs = [{
+      priority      = 7
+      provider_name = "AZURE"
+      region_name   = "US_EAST_2"
+      electable_specs = {
+        instance_size = "M10"
+        node_count    = 3
+      }
+    }]
+  }]
+}
+
 resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   project_id    = var.project_id
   vendor        = "AZURE_BLOB_STORAGE"
@@ -7,7 +24,7 @@ resource "mongodbatlas_stream_privatelink_endpoint" "this" {
   dns_domain = "${var.storage_account_name}.blob.core.windows.net"
   # service_endpoint_id follows the format `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount}`
   service_endpoint_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.azure_resource_group}/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
-  depends_on          = [azurerm_private_endpoint.blob_endpoint]
+  depends_on          = [mongodbatlas_advanced_cluster.cluster, azurerm_private_endpoint.blob_endpoint]
 }
 
 output "privatelink_endpoint_id" {

examples/mongodbatlas_stream_privatelink_endpoint/azure_blob_storage/variables.tf

@@ -40,6 +40,11 @@ variable "project_id" {
   type        = string
 }
 
+variable "cluster_name" {
+  description = "Name of the Azure cluster required for private link provisioning."
+  type        = string
+}
+
 variable "atlas_region" {
   description = "The Atlas region of the Provider's cluster. See [AZURE](https://www.mongodb.com/docs/atlas/reference/microsoft-azure/#stream-processing-instances)"
   type        = string

internal/service/streamconnection/resource_stream_connection_test.go

@@ -1329,6 +1329,7 @@ func TestAccStreamRSStreamConnection_AzureBlobStorage(t *testing.T) {
 func TestAccStreamRSStreamConnection_AzureBlobStoragePrivateLink(t *testing.T) {
 	var (
 		projectID, instanceName = acc.ProjectIDExecutionWithStreamInstance(t)
+		clusterName             = acc.RandomClusterName()
 		connectionName          = acc.RandomName()
 		clientID                = os.Getenv("AZURE_CLIENT_ID")
 		clientSecret            = os.Getenv("AZURE_APP_SECRET")
@@ -1347,7 +1348,7 @@ func TestAccStreamRSStreamConnection_AzureBlobStoragePrivateLink(t *testing.T) {
 		CheckDestroy:             CheckDestroyStreamConnection,
 		Steps: []resource.TestStep{
 			{
-				Config: dataSourceConfig + configureAzureBlobStoragePrivateLink(projectID, instanceName, connectionName, clientID, clientSecret, subscriptionID, tenantID, atlasAzureAppID, servicePrincipalID, resourceGroupName, storageAccountName, storageContainerName),
+				Config: dataSourceConfig + configureAzureBlobStoragePrivateLink(projectID, instanceName, clusterName, connectionName, clientID, clientSecret, subscriptionID, tenantID, atlasAzureAppID, servicePrincipalID, resourceGroupName, storageAccountName, storageContainerName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					checkAzureBlobStoragePrivateLinkAttributes(resourceName, instanceName, connectionName, servicePrincipalID, storageAccountName),
 					checkAzureBlobStoragePrivateLinkAttributes(dataSourceName, instanceName, connectionName, servicePrincipalID, storageAccountName),
@@ -1412,22 +1413,40 @@ func checkAzureBlobStorageAttributes(resourceNames ...string) resource.TestCheck
 	return resource.ComposeAggregateTestCheckFunc(checks...)
 }
 
-func configureAzureBlobStoragePrivateLink(projectID, workspaceName, connectionName, clientID, clientSecret, subscriptionID, tenantID, atlasAzureAppID, servicePrincipalID, resourceGroupName, storageAccountName, storageContainerName string) string {
+func configureAzureBlobStoragePrivateLink(projectID, workspaceName, clusterName, connectionName, clientID, clientSecret, subscriptionID, tenantID, atlasAzureAppID, servicePrincipalID, resourceGroupName, storageAccountName, storageContainerName string) string {
 	return acc.ConfigAzurermProvider(subscriptionID, clientID, clientSecret, tenantID) +
 		acc.ConfigAzureCloudProviderAccess(projectID, atlasAzureAppID, servicePrincipalID, tenantID) +
 		acc.ConfigAzureStorageResources("blob", resourceGroupName, storageAccountName, storageContainerName, servicePrincipalID) +
-		configAzureBlobStoragePrivateLinkResources(projectID, workspaceName, connectionName)
+		configAzureBlobStoragePrivateLinkResources(projectID, workspaceName, clusterName, connectionName)
 }
 
-func configAzureBlobStoragePrivateLinkResources(projectID, workspaceName, connectionName string) string {
+func configAzureBlobStoragePrivateLinkResources(projectID, workspaceName, clusterName, connectionName string) string {
 	return fmt.Sprintf(`
+		resource "mongodbatlas_advanced_cluster" "test" {
+			project_id   = %[1]q
+			name         = %[4]q
+			cluster_type = "REPLICASET"
+			replication_specs = [{
+				region_configs = [{
+					priority      = 7
+					provider_name = "AZURE"
+					region_name   = "US_EAST_2"
+					electable_specs = {
+						instance_size = "M10"
+						node_count    = 3
+					}
+				}]
+			}]
+		}
+
 		resource "mongodbatlas_stream_privatelink_endpoint" "test" {
 			project_id          = %[1]q
 			provider_name       = "AZURE"
 			vendor              = "AZURE_BLOB_STORAGE"
 			region              = azurerm_resource_group.blob_rg.location
 			service_endpoint_id = azurerm_storage_account.blob_storage.id
 			dns_domain          = "${azurerm_storage_account.blob_storage.name}.blob.core.windows.net"
+			depends_on          = [mongodbatlas_advanced_cluster.test]
 		}
 
 		resource "mongodbatlas_stream_connection" "test" {
@@ -1451,7 +1470,7 @@ func configAzureBlobStoragePrivateLinkResources(projectID, workspaceName, connec
 				azurerm_role_assignment.blob_contributor,
 			]
 		}
-	`, projectID, workspaceName, connectionName)
+	`, projectID, workspaceName, connectionName, clusterName)
 }
 
 func checkAzureBlobStoragePrivateLinkAttributes(resourceName, workspaceName, connectionName, servicePrincipalID, storageAccountName string) resource.TestCheckFunc {

internal/service/streamprivatelinkendpoint/resource_schema.go

@@ -23,7 +23,9 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 
 	* AWS provider with CONFLUENT vendor.
 
-	* AZURE provider with EVENTHUB, CONFLUENT, or AZURE_BLOB_STORAGE vendor. For AZURE_BLOB_STORAGE, this should follow the format '{storageAccount}.blob.core.windows.net'.
+	* AZURE provider with EVENTHUB or CONFLUENT vendor.
+
+	* AZURE provider with AZURE_BLOB_STORAGE vendor. This should follow the format ` + "`{storageAccount}.blob.core.windows.net`" + `.
 
 	* For GCP provider with PUBSUB vendor, the API computes this process.`,
 			},

internal/service/streamprivatelinkendpoint/resource_test.go

@@ -486,6 +486,7 @@ func basicAzureBlobStorageTestCase(t *testing.T) *resource.TestCase {
 
 	var (
 		projectID          = acc.ProjectIDExecution(t)
+		clusterName        = acc.RandomClusterName()
 		provider           = "AZURE"
 		vendor             = "AZURE_BLOB_STORAGE"
 		subscriptionID     = os.Getenv("AZURE_SUBSCRIPTION_ID")
@@ -503,7 +504,7 @@ func basicAzureBlobStorageTestCase(t *testing.T) *resource.TestCase {
 		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
 		Steps: []resource.TestStep{
 			{
-				Config: acc.GetCompleteAzureBlobStorageConfig(projectID, subscriptionID, clientID, clientSecret, tenantID, resourceGroupName, storageAccountName),
+				Config: acc.GetCompleteAzureBlobStorageConfig(projectID, clusterName, subscriptionID, clientID, clientSecret, tenantID, resourceGroupName, storageAccountName),
 				Check:  checksStreamPrivatelinkEndpointAzureBlobStorage(projectID, provider, vendor),
 			},
 			{

internal/testutil/acc/stream_privatelink_endpoint.go

@@ -157,10 +157,27 @@ func GetCompleteMskConfig(projectID, clusterArn string) string {
 	}`, projectID, clusterArn)
 }
 
-func GetCompleteAzureBlobStorageConfig(projectID, subscriptionID, clientID, clientSecret, tenantID, resourceGroupName, storageAccountName string) string {
+func GetCompleteAzureBlobStorageConfig(projectID, clusterName, subscriptionID, clientID, clientSecret, tenantID, resourceGroupName, storageAccountName string) string {
 	return fmt.Sprintf(`
 	%[1]s
 
+	resource "mongodbatlas_advanced_cluster" "test" {
+		project_id   = %[2]q
+		name         = %[5]q
+		cluster_type = "REPLICASET"
+		replication_specs = [{
+			region_configs = [{
+				priority      = 7
+				provider_name = "AZURE"
+				region_name   = "US_EAST_2"
+				electable_specs = {
+					instance_size = "M10"
+					node_count    = 3
+				}
+			}]
+		}]
+	}
+
 	resource "azurerm_resource_group" "blob_pl_rg" {
 		name     = %[3]q
 		location = "East US 2"
@@ -181,6 +198,7 @@ func GetCompleteAzureBlobStorageConfig(projectID, subscriptionID, clientID, clie
 		region              = "eastus2"
 		service_endpoint_id = azurerm_storage_account.blob_pl_storage.id
 		dns_domain          = "${azurerm_storage_account.blob_pl_storage.name}.blob.core.windows.net"
+		depends_on          = [mongodbatlas_advanced_cluster.test]
 	}
 
 	data "mongodbatlas_stream_privatelink_endpoint" "test" {
@@ -194,7 +212,7 @@ func GetCompleteAzureBlobStorageConfig(projectID, subscriptionID, clientID, clie
 			mongodbatlas_stream_privatelink_endpoint.test
 		]
 	}`, ConfigAzurermProvider(subscriptionID, clientID, clientSecret, tenantID),
-		projectID, resourceGroupName, storageAccountName)
+		projectID, resourceGroupName, storageAccountName, clusterName)
 }
 
 func GetCompleteS3Config(projectID, region string) string {