Remove initial credentials from managed_cluster resource

docs/guides/aws.md

@@ -13,7 +13,7 @@ The sample project creates the following resources in Kurrent Cloud:
 - Network peering
 - Managed KurrentDB using single F1 node with 16GB disk
 
-From the AWS side, you still need to accept the peering request and configure the route as described in the [documentation](https://developers.eventstore.com/cloud/provision/aws/#network-peering).
+From the AWS side, you still need to accept the peering request and configure the route as described in the [documentation](https://docs.kurrent.io/cloud/getting-started/private-access/aws.html#network-peering).
 This step can be also automated using the AWS Terraform provider.
 
 ```terraform

docs/guides/azure.md

@@ -14,7 +14,7 @@ The sample project creates the following resources in Kurrent Cloud:
 - Managed KurrentDB using single F1 node with 16GB disk
 
 From the Azure side, you still need to register the Kurrent Cloud service account with the necessary permissions to create a network peering.
-Read more in the provisioning [documentation](https://developers.eventstore.com/cloud/provision/azure/#network-peering).
+Read more in the provisioning [documentation](https://docs.kurrent.io/cloud/getting-started/private-access/azure.html#network-peering).
 
 ```terraform
 terraform {

docs/guides/gcp.md

@@ -13,7 +13,7 @@ The sample project creates the following resources in Kurrent Cloud:
 - Network peering
 - Managed KurrentDB using single F1 node with 16GB disk
 
-From the GCP side, you still need to create an incoming peering from your GCP account towards the Kurrent Cloud VPC as described in the [documentation](https://developers.eventstore.com/cloud/provision/gcp/#network-peering).
+From the GCP side, you still need to create an incoming peering from your GCP account towards the Kurrent Cloud VPC as described in the [documentation](https://docs.kurrent.io/cloud/getting-started/private-access/gcp.html#network-peering).
 This step can be also automated using the GCP Terraform provider.
 
 ```terraform

docs/resources/kurrentcloud_integration.md → docs/resources/integration.md

@@ -50,22 +50,22 @@ resource "kurrentcloud_integration" "slack_notifications" {
 
 ### Data Properties
 
-- **source** (String) Can be either `issues` or `notifications`. See [here](https://developers.eventstore.com/cloud/integrations/#integration-sources) for information on the types of integration sources
-- **sinks** (String) The type of this value determines the acceptable settings for `source` as well as what other properties are allowed in this field. See [here](https://developers.eventstore.com/cloud/integrations/#integration-sinks) for information on integration sinks
+- **source** (String) Can be either `issues` or `notifications`. See [here](https://docs.kurrent.io/cloud/integrations/#integration-sources) for information on the types of integration sources
+- **sinks** (String) The type of this value determines the acceptable settings for `source` as well as what other properties are allowed in this field. See [here](https://docs.kurrent.io/cloud/integrations/#integration-sinks) for information on integration sinks
 
 #### OpsGenie Data Properties
 
-OpsGenie currently only supports the "issues" source. See [here](https://developers.eventstore.com/cloud/integrations/opsgenie.html#how-to-create-an-api-key) for more info on creating OpsGenie integrations.
+OpsGenie currently only supports the "issues" source. See [here](https://docs.kurrent.io/cloud/integrations/opsgenie.html) for more info on creating OpsGenie integrations.
 
 - **api_key** (String) A secret key required to integrate with OpsGenie.
 
 ~> The `api_key` value is considered private and so is NOT ever returned by the Event Store Cloud API. For that reason it is impossible to display it as a Terraform output value.
 
 #### Slack Data Properties
 
-Slack currently only supports the "issues" and "notification" sources. See [here](https://developers.eventstore.com/cloud/integrations/slack.html) for more info on creating Slack integrations
+Slack currently only supports the "issues" and "notification" sources. See [here](https://docs.kurrent.io/cloud/integrations/slack.html) for more info on creating Slack integrations
 
-- **channel_id** (String) The channel in Slack that messages will be sent. See [here](https://developers.eventstore.com/cloud/integrations/slack.html) for more info. Can be retrieved as an output value.
+- **channel_id** (String) The channel in Slack that messages will be sent. See [here](https://docs.kurrent.io/cloud/integrations/slack.html) for more info. Can be retrieved as an output value.
 - **token** (String) A secret token required to integrate with Slack.
 
 ~> The `token` value is considered private and so is NOT ever returned by the Event Store Cloud API. For that reason it is impossible to display it as a Terraform output value.

docs/resources/kurrentcloud_managed_cluster.md → docs/resources/managed_cluster.md

@@ -44,58 +44,6 @@ resource "kurrentcloud_managed_cluster" "example" {
 }
 ```
 
-## Accessing Initial Credentials
-
-When a managed cluster is created, Kurrent Cloud generates initial credentials for the `admin` and `ops` users. These credentials are available as computed attributes and can be accessed via Terraform outputs.
-
-### Example: Outputting Credentials
-
-```terraform
-resource "kurrentcloud_managed_cluster" "example" {
-  # ... cluster configuration
-}
-
-# Output the admin password
-output "cluster_admin_password" {
-  description = "Initial admin password for the Kurrent cluster"
-  value       = kurrentcloud_managed_cluster.example.initial_admin_password
-  sensitive   = true
-}
-
-# Output the ops password  
-output "cluster_ops_password" {
-  description = "Initial ops password for the Kurrent cluster"
-  value       = kurrentcloud_managed_cluster.example.initial_ops_password
-  sensitive   = true
-}
-
-# Output the credentials generation timestamp
-output "credentials_generated_at" {
-  description = "Timestamp when the initial credentials were generated"
-  value       = kurrentcloud_managed_cluster.example.credentials_generated_at
-}
-```
-
-### Accessing the Outputs
-
-After running `terraform apply`, you can retrieve the credentials:
-
-```bash
-# View the credentials generation timestamp
-terraform output credentials_generated_at
-
-# View sensitive credentials (requires -raw flag)
-terraform output -raw cluster_admin_password
-terraform output -raw cluster_ops_password
-```
-
-### Important Notes
-
-- **Initial credentials are only available once** and may be cleared by Kurrent Cloud for security reasons
-- **Credentials are marked as sensitive** to prevent accidental exposure in logs
-- **If credentials are no longer available**, the fields will be empty but the cluster will continue to function normally
-- **Use these credentials promptly** to create additional users or change passwords as needed
-
 <!-- schema generated by tfplugindocs -->
 
 ## Schema
@@ -124,8 +72,6 @@ terraform output -raw cluster_ops_password
 
 - **credentials_generated_at** (String) Timestamp when the initial credentials were generated
 - **dns_name** (String) DNS address of the cluster
-- **initial_admin_password** (String, Sensitive) Initial password for the admin user
-- **initial_ops_password** (String, Sensitive) Initial password for the ops user
 - **region** (String) Region in which the cluster was created. Determined by the region of the Network
 - **resource_provider** (String) Provider in which the cluster was created. Determined by the provider of the Network.
 
@@ -161,7 +107,7 @@ Production scale:
 - `M64`
 - `M128`
 
-Check our [instance size guide](https://developers.eventstore.com/cloud/provision/cloud-instance-guidance/) to choose the right size for your workload.
+Check our [instance size guide](https://docs.kurrent.io/cloud/ops/sizing.html) to choose the right size for your workload.
 
 Use one of the following values as `topology`:
 - `single-node`

docs/resources/kurrentcloud_peering.md → docs/resources/peering.md

@@ -81,4 +81,4 @@ Import is supported using the following syntax:
 terraform import kurrentcloud_peering.example project_id:peering_id
 ```
 
-~> Keep in mind that additional operations might be required to activate the peering link. Check our [provisioning guidelines](https://developers.eventstore.com/cloud/provision/) for each of the supported cloud providers to know more.
+~> Keep in mind that additional operations might be required to activate the peering link. Check our [Getting Started](https://docs.kurrent.io/cloud/getting-started/) docs for each of the supported cloud providers to know more.

esc/resource_managed_cluster.go

@@ -169,23 +169,6 @@ func resourceManagedCluster() *schema.Resource {
 				Optional:    true,
 				ForceNew:    true,
 			},
-			"initial_admin_password": {
-				Description: "Initial password for the admin user",
-				Type:        schema.TypeString,
-				Computed:    true,
-				Sensitive:   true,
-			},
-			"initial_ops_password": {
-				Description: "Initial password for the ops user",
-				Type:        schema.TypeString,
-				Computed:    true,
-				Sensitive:   true,
-			},
-			"credentials_generated_at": {
-				Description: "Timestamp when the initial credentials were generated",
-				Type:        schema.TypeString,
-				Computed:    true,
-			},
 		},
 	}
 }
@@ -348,23 +331,6 @@ func resourceEventstorecloudManagedCluster() *schema.Resource {
 				Optional:    true,
 				ForceNew:    true,
 			},
-			"initial_admin_password": {
-				Description: "Initial password for the admin user",
-				Type:        schema.TypeString,
-				Computed:    true,
-				Sensitive:   true,
-			},
-			"initial_ops_password": {
-				Description: "Initial password for the ops user",
-				Type:        schema.TypeString,
-				Computed:    true,
-				Sensitive:   true,
-			},
-			"credentials_generated_at": {
-				Description: "Timestamp when the initial credentials were generated",
-				Type:        schema.TypeString,
-				Computed:    true,
-			},
 		},
 	}
 }
@@ -412,29 +378,6 @@ func resourceManagedClusterCreate(
 		return err
 	}
 
-	// Retrieve initial credentials after cluster is available
-	credentialsResp, credErr := c.client.ManagedClusterGetInitialCredentials(
-		ctx,
-		&client.GetManagedClusterInitialCredentialsRequest{
-			OrganizationID: c.organizationId,
-			ProjectID:      projectId,
-			ClusterID:      resp.ClusterID,
-		},
-	)
-
-	// Set credentials if successfully retrieved, but don't fail the resource creation if they're not available
-	if credErr == nil && credentialsResp != nil {
-		if err := d.Set("initial_admin_password", credentialsResp.AdminPassword); err != nil {
-			return diag.FromErr(err)
-		}
-		if err := d.Set("initial_ops_password", credentialsResp.OpsPassword); err != nil {
-			return diag.FromErr(err)
-		}
-		if err := d.Set("credentials_generated_at", credentialsResp.GeneratedAt); err != nil {
-			return diag.FromErr(err)
-		}
-	}
-
 	return resourceManagedClusterRead(ctx, d, meta)
 }
 
@@ -521,40 +464,6 @@ func resourceManagedClusterRead(
 		diags = append(diags, diag.FromErr(err)...)
 	}
 
-	// Attempt to retrieve initial credentials, but don't fail if not available
-	credentialsResp, credErr := c.client.ManagedClusterGetInitialCredentials(
-		ctx,
-		&client.GetManagedClusterInitialCredentialsRequest{
-			OrganizationID: c.organizationId,
-			ProjectID:      projectId,
-			ClusterID:      clusterId,
-		},
-	)
-
-	// Only set credentials if successfully retrieved
-	if credErr == nil && credentialsResp != nil {
-		if err := d.Set("initial_admin_password", credentialsResp.AdminPassword); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-		if err := d.Set("initial_ops_password", credentialsResp.OpsPassword); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-		if err := d.Set("credentials_generated_at", credentialsResp.GeneratedAt); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-	} else {
-		// Clear credential fields if they're no longer available
-		if err := d.Set("initial_admin_password", ""); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-		if err := d.Set("initial_ops_password", ""); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-		if err := d.Set("credentials_generated_at", ""); err != nil {
-			diags = append(diags, diag.FromErr(err)...)
-		}
-	}
-
 	return diags
 }
 

examples/resources/eventstorecloud_integration_awscloudwatch_logs/resource.tf

@@ -1,3 +1,11 @@
+variable "region" {
+  type = string
+}
+
+variable "stage" {
+  type = string
+}
+
 locals {
   describe_log_groups_arn = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:*"
 }

examples/resources/eventstorecloud_managed_cluster/resource.tf

@@ -26,5 +26,5 @@ resource "kurrentcloud_managed_cluster" "example" {
   disk_type       = "gp3"
   disk_iops       = 3000
   disk_throughput = 125
-  server_version  = "23.10"
+  server_version  = "26.0"
 }