Ideally migration of terraform state should be handled or provide a tool for migrating state
We initially rolled out all our clusters with mongo atlas terraform provider version 0.7.0. Since we hadn't pinned the version, we started seeing warning listed below in the terraform plan.
Updating as indicated based on the warning means, a deletion and recreation of the private endpoint/link related resources which will lead to downtime as the cluster will be inaccessible while the private endpoint/link is being recreated.
Ideally migration of terraform state should be handled or provide a tool for migrating state so the resource can be migrated without recreation.
There are warnings related to your configuration. If no errors occurred,
Terraform will continue despite these warnings. It is a good idea to resolve
these warnings in the near future.
module.mongodbatlasds.mongodbatlasprivateendpoint.atlasprivateendpoint: this resource is deprecated, please transition as soon as possible to mongodbatlasprivatelinkendpoint
module.mongodbatlasds.mongodbatlasprivateendpointinterfacelink.atlasprivateendpointinterfacelink: this resource is deprecated, please transition as soon as possible to mongodbatlasprivatelinkendpoint_service
We did try using the import example but unfortunately ran into this issue:
Error importing: Provider "mongodbatlas" depends on non-var "data.external.mongoatlasvaultcredentials.0/data.external.mongoatlasvaultcredentials.N". Providers for import can currently only depend on variables or must be hardcoded. You can stop import from loading configurations by specifying
Our provider configuration is something like this where it pulls the credentials from vault using a script:
Now just for the sake of trying, I did hard code the pubic key/private key in the provider for my dev dc and in that case, the import does work as expected. But since we have 10 data centers for which we have different keys, it's not possible for us to hard code anything since the same code is used for all the DCs. So even though the import option can work for a simple deployment test, it's not a working solution for us.