feat: update private-endpoint-aws resource

Author: sivaram-mongodb

cfn-resources/private-endpoint-aws/cmd/resource/model.go

@@ -21,7 +21,7 @@ import (
 	"net/http"
 	"strings"
 
-	admin20231115014 "go.mongodb.org/atlas-sdk/v20231115014/admin"
+	"go.mongodb.org/atlas-sdk/v20250312012/admin"
 
 	"github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -92,11 +92,13 @@ func Create(req handler.Request, prevModel *Model, currentModel *Model) (handler
 				*privateEndpoint.ConnectionStatus == Rejected {
 				return handler.ProgressEvent{
 					OperationStatus: handler.Failed,
-					Message:         fmt.Sprintf("Connection was Rejected : %s", *privateEndpoint.ErrorMessage),
+					Message:         fmt.Sprintf("Connection was Rejected: %s", *privateEndpoint.ErrorMessage),
 					ResourceModel:   currentModel,
 				}, nil
 			}
 
+			currentModel.completeByAtlasModel(*privateEndpoint)
+
 			return handler.ProgressEvent{
 				OperationStatus: handler.Success,
 				Message:         "Create Success",
@@ -115,11 +117,11 @@ func Create(req handler.Request, prevModel *Model, currentModel *Model) (handler
 			}}, nil
 	}
 
-	endpointRequest := admin20231115014.CreateEndpointRequest{
+	endpointRequest := admin.CreateEndpointRequest{
 		Id: currentModel.Id,
 	}
 
-	privateEndpointRequest := client.Atlas20231115014.PrivateEndpointServicesApi.CreatePrivateEndpoint(context.Background(), *currentModel.ProjectId,
+	privateEndpointRequest := client.AtlasSDK.PrivateEndpointServicesApi.CreatePrivateEndpoint(context.Background(), *currentModel.ProjectId,
 		CloudProvider, *currentModel.EndpointServiceId, &endpointRequest)
 
 	_, response, err := privateEndpointRequest.Execute()
@@ -146,8 +148,8 @@ func Create(req handler.Request, prevModel *Model, currentModel *Model) (handler
 		}}, nil
 }
 
-func getPrivateEndpoint(client *util.MongoDBClient, model *Model) (*admin20231115014.PrivateLinkEndpoint, *http.Response, error) {
-	privateEndpointRequest := client.Atlas20231115014.PrivateEndpointServicesApi.GetPrivateEndpoint(context.Background(), *model.ProjectId,
+func getPrivateEndpoint(client *util.MongoDBClient, model *Model) (*admin.PrivateLinkEndpoint, *http.Response, error) {
+	privateEndpointRequest := client.AtlasSDK.PrivateEndpointServicesApi.GetPrivateEndpoint(context.Background(), *model.ProjectId,
 		CloudProvider, *model.Id, *model.EndpointServiceId)
 	privateEndpoint, response, err := privateEndpointRequest.Execute()
 
@@ -184,9 +186,13 @@ func Read(req handler.Request, prevModel *Model, currentModel *Model) (handler.P
 	}, nil
 }
 
-func (m *Model) completeByAtlasModel(privateEndpoint admin20231115014.PrivateLinkEndpoint) {
-	m.ErrorMessage = privateEndpoint.ErrorMessage
+func (m *Model) completeByAtlasModel(privateEndpoint admin.PrivateLinkEndpoint) {
+	m.InterfaceEndpointId = privateEndpoint.InterfaceEndpointId
+	m.PrivateEndpointConnectionName = privateEndpoint.PrivateEndpointConnectionName
+	m.PrivateEndpointResourceId = privateEndpoint.PrivateEndpointResourceId
+	m.DeleteRequested = privateEndpoint.DeleteRequested
 	m.ConnectionStatus = privateEndpoint.ConnectionStatus
+	m.ErrorMessage = privateEndpoint.ErrorMessage
 }
 
 // Update handles the Update event from the Cloudformation service.
@@ -218,34 +224,36 @@ func Delete(req handler.Request, prevModel *Model, currentModel *Model) (handler
 			if response.StatusCode == http.StatusNotFound {
 				return handler.ProgressEvent{
 					OperationStatus: handler.Success,
-					Message:         "Create Success",
+					Message:         "Delete Success",
 				}, nil
 			}
 			return progress_events.GetFailedEventByResponse("Error validating Private Endpoint deletion progress", response), nil
 		}
 
 		return handler.ProgressEvent{
 			OperationStatus:      handler.InProgress,
-			Message:              "Create in progress",
+			Message:              "Delete in progress",
 			CallbackDelaySeconds: 20,
 			CallbackContext: map[string]interface{}{
 				"state": "deleting",
 			}}, nil
 	}
 
-	privateEndpointRequest := client.Atlas20231115014.PrivateEndpointServicesApi.DeletePrivateEndpoint(context.Background(), *currentModel.ProjectId,
+	privateEndpointRequest := client.AtlasSDK.PrivateEndpointServicesApi.DeletePrivateEndpoint(context.Background(), *currentModel.ProjectId,
 		CloudProvider, *currentModel.Id, *currentModel.EndpointServiceId)
-	_, response, err := privateEndpointRequest.Execute()
-	defer response.Body.Close()
+	response, err := privateEndpointRequest.Execute()
+	if response != nil && response.Body != nil {
+		defer response.Body.Close()
+	}
 	if err != nil {
-		return progress_events.GetFailedEventByResponse(fmt.Sprintf("error creating Serverless Private Endpoint %s",
+		return progress_events.GetFailedEventByResponse(fmt.Sprintf("error deleting Private Endpoint: %s",
 				err.Error()), response),
 			nil
 	}
 
 	return handler.ProgressEvent{
 		OperationStatus:      handler.InProgress,
-		Message:              "Create in progress",
+		Message:              "Delete in progress",
 		CallbackDelaySeconds: 20,
 		ResourceModel:        currentModel,
 		CallbackContext: map[string]interface{}{

cfn-resources/private-endpoint-aws/cmd/resource/resource.go

@@ -1,6 +1,6 @@
 # MongoDB::Atlas::PrivateEndpointAWS
 
-Creates one private endpoint for the specified cloud service provider. At this current version only AWS is supported
+Creates one private endpoint connection for AWS PrivateLink. This resource links an AWS VPC endpoint to a MongoDB Atlas private endpoint service.
 
 ## Syntax
 
@@ -17,8 +17,6 @@ To declare this entity in your AWS CloudFormation template, use the following sy
         "<a href="#endpointserviceid" title="EndpointServiceId">EndpointServiceId</a>" : <i>String</i>,
         "<a href="#id" title="Id">Id</a>" : <i>String</i>,
         "<a href="#enforceconnectionsuccess" title="EnforceConnectionSuccess">EnforceConnectionSuccess</a>" : <i>Boolean</i>,
-        "<a href="#connectionstatus" title="ConnectionStatus">ConnectionStatus</a>" : <i>String</i>,
-        "<a href="#errormessage" title="ErrorMessage">ErrorMessage</a>" : <i>String</i>
     }
 }
 </pre>
@@ -33,8 +31,6 @@ Properties:
     <a href="#endpointserviceid" title="EndpointServiceId">EndpointServiceId</a>: <i>String</i>
     <a href="#id" title="Id">Id</a>: <i>String</i>
     <a href="#enforceconnectionsuccess" title="EnforceConnectionSuccess">EnforceConnectionSuccess</a>: <i>Boolean</i>
-    <a href="#connectionstatus" title="ConnectionStatus">ConnectionStatus</a>: <i>String</i>
-    <a href="#errormessage" title="ErrorMessage">ErrorMessage</a>: <i>String</i>
 </pre>
 
 ## Properties
@@ -57,55 +53,71 @@ _Required_: Yes
 
 _Type_: String
 
+_Pattern_: <code>^([a-f0-9]{24})$</code>
+
 _Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)
 
 #### EndpointServiceId
 
-Unique 24-hexadecimal digit string that identifies the private endpoint service for which you want to create a private endpoint.
+Unique 24-hexadecimal digit string that identifies the Atlas private endpoint service (created with MongoDB::Atlas::PrivateEndpointService) to which you want to connect this VPC endpoint.
 
 _Required_: Yes
 
 _Type_: String
 
+_Pattern_: <code>^([a-f0-9]{24})$</code>
+
 _Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)
 
 #### Id
 
-Unique string that identifies the private endpoint. for AWS is the VPC endpoint ID, example: vpce-xxxxxxxx
+Unique string that identifies the AWS VPC endpoint (interface endpoint) that you created in your VPC. Example: vpce-0d00c26273372c6ef
 
-_Required_: No
+_Required_: Yes
 
 _Type_: String
 
 _Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)
 
 #### EnforceConnectionSuccess
 
-If this proper is set to TRUE, the cloud formation resource will return success Only if the private connection is Succeeded
+If set to true, CloudFormation will only return success when the private endpoint connection status is AVAILABLE. If set to false, it returns success once the connection is created regardless of status.
 
 _Required_: No
 
 _Type_: Boolean
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
 
-#### ConnectionStatus
+## Return Values
 
-State of the Amazon Web Service PrivateLink connection when MongoDB Cloud received this request.
+### Fn::GetAtt
 
-_Required_: No
+The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
 
-_Type_: String
+For more information about using the `Fn::GetAtt` intrinsic function, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html).
 
-_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+#### InterfaceEndpointId
 
-#### ErrorMessage
+Unique identifier of the interface endpoint.
 
-Error message returned when requesting private connection resource. The resource returns null if the request succeeded.
+#### PrivateEndpointConnectionName
 
-_Required_: No
+Name of the connection for this private endpoint that Atlas generates.
 
-_Type_: String
+#### PrivateEndpointResourceId
 
-_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+Unique identifier of the private endpoint resource.
+
+#### DeleteRequested
+
+Indicates if Atlas received a request to remove the interface endpoint from the private endpoint connection.
+
+#### ConnectionStatus
+
+Status of the AWS PrivateLink connection. Returns one of: NONE, PENDING_ACCEPTANCE, PENDING, AVAILABLE, REJECTED, DELETING.
+
+#### ErrorMessage
+
+Error message pertaining to the interface endpoint. Returns null if there are no errors.
 

cfn-resources/private-endpoint-aws/docs/README.md

@@ -1,14 +1,15 @@
 {
   "typeName": "MongoDB::Atlas::PrivateEndpointAWS",
-  "description": "Creates one private endpoint for the specified cloud service provider. At this current version only AWS is supported",
+  "description": "Creates one private endpoint connection for AWS PrivateLink. This resource links an AWS VPC endpoint to a MongoDB Atlas private endpoint service.",
   "sourceUrl": "https://github.com/mongodb/mongodbatlas-cloudformation-resources/tree/master/cfn-resources/private-endpoint-aws",
   "documentationUrl": "https://github.com/mongodb/mongodbatlas-cloudformation-resources/blob/master/cfn-resources/private-endpoint-aws/README.md",
   "tagging": {
     "taggable": false
   },
   "required": [
     "ProjectId",
-    "EndpointServiceId"
+    "EndpointServiceId",
+    "Id"
   ],
   "properties": {
     "Profile": {
@@ -18,26 +19,52 @@
     },
     "ProjectId": {
       "description": "Unique 24-hexadecimal digit string that identifies your project.",
-      "type": "string"
+      "type": "string",
+      "pattern": "^([a-f0-9]{24})$"
     },
     "EndpointServiceId": {
-      "description": "Unique 24-hexadecimal digit string that identifies the private endpoint service for which you want to create a private endpoint.",
-      "type": "string"
+      "description": "Unique 24-hexadecimal digit string that identifies the Atlas private endpoint service (created with MongoDB::Atlas::PrivateEndpointService) to which you want to connect this VPC endpoint.",
+      "type": "string",
+      "pattern": "^([a-f0-9]{24})$"
     },
     "Id": {
-      "description": "Unique string that identifies the private endpoint. for AWS is the VPC endpoint ID, example: vpce-xxxxxxxx",
+      "description": "Unique string that identifies the AWS VPC endpoint (interface endpoint) that you created in your VPC. Example: vpce-0d00c26273372c6ef",
       "type": "string"
     },
     "EnforceConnectionSuccess": {
-      "description": "If this proper is set to TRUE, the cloud formation resource will return success Only if the private connection is Succeeded",
+      "description": "If set to true, CloudFormation will only return success when the private endpoint connection status is AVAILABLE. If set to false, it returns success once the connection is created regardless of status.",
       "type": "boolean"
     },
-    "ConnectionStatus": {
-      "description": "State of the Amazon Web Service PrivateLink connection when MongoDB Cloud received this request.",
+    "InterfaceEndpointId": {
+      "description": "Unique identifier of the interface endpoint.",
+      "type": "string"
+    },
+    "PrivateEndpointConnectionName": {
+      "description": "Name of the connection for this private endpoint that Atlas generates.",
+      "type": "string"
+    },
+    "PrivateEndpointResourceId": {
+      "description": "Unique identifier of the private endpoint resource.",
       "type": "string"
     },
+    "DeleteRequested": {
+      "description": "Indicates if Atlas received a request to remove the interface endpoint from the private endpoint connection.",
+      "type": "boolean"
+    },
+    "ConnectionStatus": {
+      "description": "Status of the AWS PrivateLink connection. Returns one of: NONE, PENDING_ACCEPTANCE, PENDING, AVAILABLE, REJECTED, DELETING.",
+      "type": "string",
+      "enum": [
+        "NONE",
+        "PENDING_ACCEPTANCE",
+        "PENDING",
+        "AVAILABLE",
+        "REJECTED",
+        "DELETING"
+      ]
+    },
     "ErrorMessage": {
-      "description": "Error message returned when requesting private connection resource. The resource returns null if the request succeeded.",
+      "description": "Error message pertaining to the interface endpoint. Returns null if there are no errors.",
       "type": "string"
     }
   },
@@ -54,6 +81,14 @@
     "/properties/Profile",
     "/properties/Id"
   ],
+  "readOnlyProperties": [
+    "/properties/InterfaceEndpointId",
+    "/properties/PrivateEndpointConnectionName",
+    "/properties/PrivateEndpointResourceId",
+    "/properties/DeleteRequested",
+    "/properties/ConnectionStatus",
+    "/properties/ErrorMessage"
+  ],
   "handlers": {
     "create": {
       "permissions": [

cfn-resources/private-endpoint-aws/mongodb-atlas-privateendpointaws.json

@@ -0,0 +1,22 @@
+# How to create a MongoDB::Atlas::PrivateEndpointAWS
+
+## Step 1: Activate the PrivateEndpointAWS resource in CloudFormation
+   Step a: Create Role using [execution-role.yaml](https://github.com/mongodb/mongodbatlas-cloudformation-resources/blob/master/examples/execution-role.yaml) in CFN resources folder.
+
+   Step b: Search for MongoDB::Atlas::PrivateEndpointAWS resource.
+
+         (CloudFormation > Public extensions > choose 'Third party' > Search with " Execution name prefix = MongoDB " )
+   
+   Step c: Select and activate
+         Enter the RoleArn that is created in step 1.
+
+   Your PrivateEndpointAWS Resource is ready to use.
+
+## Step 2: Create template using [private-endpoint-aws.json](private-endpoint-aws.json)
+   Note: Make sure you are providing appropriate values for:
+   1. MongoDBAtlasProjectId
+   2. AtlasPrivateEndpointServiceId (get from: `atlas privateEndpoints aws list --projectId <PROJECT_ID>`)
+   3. AWSVPCEndpointId (format: vpce-xxxxxxxxx)
+   4. Profile (optional)
+   5. EnforceConnectionSuccess (optional)
+