diff --git a/ec/ecresource/deploymentresource/deployment/v2/deployment_create_payload.go b/ec/ecresource/deploymentresource/deployment/v2/deployment_create_payload.go index f7aad6e0f..f93a484fa 100644 --- a/ec/ecresource/deploymentresource/deployment/v2/deployment_create_payload.go +++ b/ec/ecresource/deploymentresource/deployment/v2/deployment_create_payload.go @@ -19,6 +19,7 @@ package v2 import ( "context" + "github.com/elastic/cloud-sdk-go/pkg/api" "github.com/elastic/cloud-sdk-go/pkg/api/deploymentapi/deptemplateapi" "github.com/elastic/cloud-sdk-go/pkg/api/deploymentapi/esremoteclustersapi" @@ -43,6 +44,7 @@ type DeploymentTF struct { Version types.String `tfsdk:"version"` Region types.String `tfsdk:"region"` DeploymentTemplateId types.String `tfsdk:"deployment_template_id"` + ByokArn types.String `tfsdk:"byok_arn"` Name types.String `tfsdk:"name"` RequestId types.String `tfsdk:"request_id"` ElasticsearchUsername types.String `tfsdk:"elasticsearch_username"` @@ -173,6 +175,14 @@ func (dep DeploymentTF) CreateRequest(ctx context.Context, client *api.API) (*mo result.Settings.Observability = observabilityPayload + if !dep.ByokArn.IsNull() && !dep.ByokArn.IsUnknown() { + if result.Settings.Byok == nil { + result.Settings.Byok = &models.ByokSettings{KeyResourcePath: ec.String(dep.ByokArn.ValueString())} + } else { + result.Settings.Byok.KeyResourcePath = ec.String(dep.ByokArn.ValueString()) + } + } + result.Metadata.Tags, diags = converters.TypesMapToModelsTags(ctx, dep.Tags) if diags.HasError() { diff --git a/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go b/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go index 5566661ba..5011a1c8f 100644 --- a/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go +++ b/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go @@ -55,6 +55,7 @@ type Deployment struct { DeploymentTemplateId string `tfsdk:"deployment_template_id"` Name string `tfsdk:"name"` RequestId string `tfsdk:"request_id"` + ByokArn *string `tfsdk:"byok_arn"` ElasticsearchUsername string `tfsdk:"elasticsearch_username"` ElasticsearchPassword string `tfsdk:"elasticsearch_password"` ApmSecretToken *string `tfsdk:"apm_secret_token"` @@ -204,6 +205,10 @@ func ReadDeployment(res *models.DeploymentGetResponse, remotes *models.RemoteRes dep.Tags = converters.ModelsTagsToMap(res.Metadata.Tags) } + if res.Metadata != nil && *res.Metadata.ByokEnabled { + dep.ByokArn = res.Settings.Byok.KeyResourcePath + } + if res.Resources == nil { return nil, nil } diff --git a/ec/ecresource/deploymentresource/deployment/v2/schema.go b/ec/ecresource/deploymentresource/deployment/v2/schema.go index 5bfff498e..beadc357b 100644 --- a/ec/ecresource/deploymentresource/deployment/v2/schema.go +++ b/ec/ecresource/deploymentresource/deployment/v2/schema.go @@ -73,6 +73,13 @@ func DeploymentSchema() schema.Schema { Description: "Deployment template identifier to create the deployment from. See the [full list](https://www.elastic.co/guide/en/cloud/current/ec-regions-templates-instances.html) of regions and deployment templates available in ESS.", Required: true, }, + "byok_arn": schema.StringAttribute{ + Description: "Reference to a customer-managed key for data-at-rest encryption", + Optional: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.RequiresReplace(), + }, + }, "name": schema.StringAttribute{ Description: "Name for the deployment", Optional: true,