CDPCP-13882 - Disable the option in the environment resource to let C…

…DP create network/subnets

.github/workflows/test.yml

@@ -118,6 +118,7 @@ jobs:
         run: go install golang.org/x/tools/cmd/deadcode@latest && sh ./deadcode-check.sh
   check-docs:
     runs-on: ubuntu-latest
+    name: 'Terraform Provider Quality Gate :: Documentation'
     steps:
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

README.md

@@ -33,7 +33,8 @@ resource "cdp_environments_aws_environment" "example" {
   security_access = {
     cidr = "0.0.0.0/0"
   }
-  network_cidr = "10.10.0.0/16"
+  vpc_id = "vpc-0a1b2c3d4e5f67890"
+  subnet_ids = [ "subnet-0a1b2c3d4e5f67890", "subnet-1f2e3d4c5b6a78901", "subnet-9a8b7c6d5e4f32100" ]
   authentication = {
     public_key_id = "my-key"
   }

docs/resources/environments_aws_environment.md

@@ -65,6 +65,8 @@ output "crn" {
 - `log_storage` (Attributes) (see [below for nested schema](#nestedatt--log_storage))
 - `region` (String)
 - `security_access` (Attributes) (see [below for nested schema](#nestedatt--security_access))
+- `subnet_ids` (Set of String)
+- `vpc_id` (String)
 
 ### Optional
 
@@ -77,20 +79,18 @@ output "crn" {
 - `endpoint_access_gateway_scheme` (String)
 - `endpoint_access_gateway_subnet_ids` (Set of String)
 - `freeipa` (Attributes) (see [below for nested schema](#nestedatt--freeipa))
-- `network_cidr` (String)
 - `polling_options` (Attributes) Polling related configuration options that could specify various values that will be used during CDP resource creation. (see [below for nested schema](#nestedatt--polling_options))
 - `proxy_config_name` (String)
 - `s3_guard_table_name` (String)
-- `subnet_ids` (Set of String)
 - `tags` (Map of String)
-- `vpc_id` (String)
 - `workload_analytics` (Boolean)
 
 ### Read-Only
 
 - `crn` (String)
 - `id` (String) The ID of this resource.
-- `report_deployment_logs` (Boolean) [Deprecated] When true, this will report additional diagnostic information back to Cloudera.
+- `network_cidr` (String, Deprecated)
+- `report_deployment_logs` (Boolean, Deprecated) [Deprecated] When true, this will report additional diagnostic information back to Cloudera.
 - `status` (String)
 - `status_reason` (String)
 - `tunnel_type` (String)

docs/resources/environments_azure_environment.md

@@ -71,6 +71,7 @@ output "crn" {
 
 - `credential_name` (String)
 - `environment_name` (String)
+- `existing_network_params` (Attributes) (see [below for nested schema](#nestedatt--existing_network_params))
 - `log_storage` (Attributes) (see [below for nested schema](#nestedatt--log_storage))
 - `public_key` (String)
 - `region` (String)
@@ -90,9 +91,7 @@ output "crn" {
 - `encryption_user_managed_identity` (String)
 - `endpoint_access_gateway_scheme` (String) The scheme for the endpoint gateway. PUBLIC creates an external endpoint that can be accessed over the Internet. Defaults to PRIVATE which restricts the traffic to be internal to the VPC.
 - `endpoint_access_gateway_subnet_ids` (Set of String) The subnets to use for endpoint access gateway.
-- `existing_network_params` (Attributes) (see [below for nested schema](#nestedatt--existing_network_params))
 - `freeipa` (Attributes) (see [below for nested schema](#nestedatt--freeipa))
-- `new_network_params` (Attributes) (see [below for nested schema](#nestedatt--new_network_params))
 - `polling_options` (Attributes) Polling related configuration options that could specify various values that will be used during CDP resource creation. (see [below for nested schema](#nestedatt--polling_options))
 - `proxy_config_name` (String)
 - `resource_group_name` (String)
@@ -103,10 +102,27 @@ output "crn" {
 
 - `crn` (String)
 - `id` (String) The ID of this resource.
+- `new_network_params` (Attributes, Deprecated) (see [below for nested schema](#nestedatt--new_network_params))
 - `report_deployment_logs` (Boolean) [Deprecated] When true, this will report additional diagnostic information back to Cloudera.
 - `status` (String)
 - `status_reason` (String)
 
+<a id="nestedatt--existing_network_params"></a>
+### Nested Schema for `existing_network_params`
+
+Required:
+
+- `network_id` (String)
+- `resource_group_name` (String)
+- `subnet_ids` (Set of String)
+
+Optional:
+
+- `aks_private_dns_zone_id` (String)
+- `database_private_dns_zone_id` (String)
+- `flexible_server_subnet_ids` (Set of String)
+
+
 <a id="nestedatt--log_storage"></a>
 ### Nested Schema for `log_storage`
 
@@ -132,22 +148,6 @@ Optional:
 - `security_group_ids_for_knox` (Set of String)
 
 
-<a id="nestedatt--existing_network_params"></a>
-### Nested Schema for `existing_network_params`
-
-Required:
-
-- `network_id` (String)
-- `resource_group_name` (String)
-- `subnet_ids` (Set of String)
-
-Optional:
-
-- `aks_private_dns_zone_id` (String)
-- `database_private_dns_zone_id` (String)
-- `flexible_server_subnet_ids` (Set of String)
-
-
 <a id="nestedatt--freeipa"></a>
 ### Nested Schema for `freeipa`
 
@@ -186,19 +186,19 @@ Read-Only:
 
 
 
-<a id="nestedatt--new_network_params"></a>
-### Nested Schema for `new_network_params`
-
-Required:
-
-- `network_cidr` (String)
-
-
 <a id="nestedatt--polling_options"></a>
 ### Nested Schema for `polling_options`
 
 Optional:
 
 - `async` (Boolean) Boolean value that specifies if Terraform should wait for resource creation/deletion.
 - `call_failure_threshold` (Number) Threshold value that specifies how many times should a single call failure happen before giving up the polling.
-- `polling_timeout` (Number) Timeout value in minutes that specifies for how long should the polling go for resource creation/deletion.
+- `polling_timeout` (Number) Timeout value in minutes that specifies for how long should the polling go for resource creation/deletion.
+
+
+<a id="nestedatt--new_network_params"></a>
+### Nested Schema for `new_network_params`
+
+Required:
+
+- `network_cidr` (String)

resources/environments/schema_aws_environment.go

@@ -174,15 +174,16 @@ var AwsEnvironmentSchema = schema.Schema{
 		"report_deployment_logs": schema.BoolAttribute{
 			// report_deployment_logs is a deprecated field and should not be used
 			MarkdownDescription: " [Deprecated] When true, this will report additional diagnostic information back to Cloudera.",
+			DeprecationMessage:  "report_deployment_logs is a deprecated field and should not be used. ",
 			Computed:            true,
 			Default:             booldefault.StaticBool(false),
 			PlanModifiers: []planmodifier.Bool{
 				boolplanmodifier.UseStateForUnknown(),
 			},
 		},
 		"network_cidr": schema.StringAttribute{
-			Optional: true,
-			Computed: true,
+			DeprecationMessage: "New network creation by specifying network_cidr is deprecated and should not be used anymore.",
+			Computed:           true,
 			PlanModifiers: []planmodifier.String{
 				stringplanmodifier.UseStateForUnknown(),
 			},
@@ -242,8 +243,7 @@ var AwsEnvironmentSchema = schema.Schema{
 			},
 		},
 		"subnet_ids": schema.SetAttribute{
-			Optional:    true,
-			Computed:    true,
+			Required:    true,
 			ElementType: types.StringType,
 		},
 		"tags": schema.MapAttribute{
@@ -269,8 +269,7 @@ var AwsEnvironmentSchema = schema.Schema{
 			},
 		},
 		"vpc_id": schema.StringAttribute{
-			Optional: true,
-			Computed: true,
+			Required: true,
 			PlanModifiers: []planmodifier.String{
 				stringplanmodifier.UseStateForUnknown(),
 			},

resources/environments/schema_aws_environment_test.go

@@ -0,0 +1,198 @@
+// Copyright 2025 Cloudera. All Rights Reserved.
+//
+// This file is licensed under the Apache License Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+//
+// This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+// OF ANY KIND, either express or implied. Refer to the License for the specific
+// permissions and limitations governing your use of the file.
+
+package environments
+
+import (
+	"testing"
+)
+
+var awsSchemaElements = []SchemaTestCaseStructure{
+	{
+		name:             "id field must exist and be valid",
+		field:            "id",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "crn should exist and be valid",
+		field:            "crn",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "polling_options should exist and be valid",
+		field:            "polling_options",
+		computed:         false,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "authentication should exist and be valid",
+		field:            "authentication",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "create_private_subnets should exist and be valid",
+		field:            "create_private_subnets",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "create_service_endpoints should exist and be valid",
+		field:            "create_service_endpoints",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "s3_guard_table_name should exist and be valid",
+		field:            "s3_guard_table_name",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "credential_name should exist and be valid",
+		field:            "credential_name",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "description should exist and be valid",
+		field:            "description",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "enable_tunnel should exist and be valid",
+		field:            "enable_tunnel",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "encryption_key_arn should exist and be valid",
+		field:            "encryption_key_arn",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "endpoint_access_gateway_scheme should exist and be valid",
+		field:            "endpoint_access_gateway_scheme",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "endpoint_access_gateway_subnet_ids should exist and be valid",
+		field:            "endpoint_access_gateway_subnet_ids",
+		computed:         false,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "environment_name should exist and be valid",
+		field:            "environment_name",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "cascading_delete should exist and be valid",
+		field:            "cascading_delete",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "freeipa should exist and be valid",
+		field:            "freeipa",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "log_storage should exist and be valid",
+		field:            "log_storage",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "region should exist and be valid",
+		field:            "region",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "report_deployment_logs should exist and be valid",
+		field:            "report_deployment_logs",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "network_cidr should exist and be valid",
+		field:            "network_cidr",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "proxy_config_name should exist and be valid",
+		field:            "proxy_config_name",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "security_access should exist and be valid",
+		field:            "security_access",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "status should exist and be valid",
+		field:            "status",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "status_reason should exist and be valid",
+		field:            "status_reason",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "subnet_ids should exist and be valid",
+		field:            "subnet_ids",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+	{
+		name:             "tags should exist and be valid",
+		field:            "tags",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "tunnel_type should exist and be valid",
+		field:            "tunnel_type",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "workload_analytics should exist and be valid",
+		field:            "workload_analytics",
+		computed:         true,
+		shouldBeRequired: false,
+	},
+	{
+		name:             "vpc_id should exist and be valid",
+		field:            "vpc_id",
+		computed:         false,
+		shouldBeRequired: true,
+	},
+}
+
+func TestAwsSchemaContainsElements(t *testing.T) {
+	for _, test := range awsSchemaElements {
+		performResourceSchemaValidation(t, test, AwsEnvironmentSchema.Attributes[test.field])
+	}
+}