HCE-793: Add Project ID to Vault Cluster

docs/data-sources/vault_cluster.md

@@ -27,6 +27,7 @@ data "hcp_vault_cluster" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the Vault cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -43,7 +44,6 @@ data "hcp_vault_cluster" "example" {
 - `organization_id` (String) The ID of the organization this HCP Vault cluster is located in.
 - `paths_filter` (List of String) The performance replication [paths filter](https://developer.hashicorp.com/vault/tutorials/cloud-ops/vault-replication-terraform#review-hcpvault-tf). Applies to performance replication secondaries only and operates in "deny" mode only.
 - `primary_link` (String) The `self_link` of the HCP Vault Plus tier cluster which is the primary in the performance replication setup with this HCP Vault Plus tier cluster. If not specified, it is a standalone Plus tier HCP Vault cluster.
-- `project_id` (String) The ID of the project this HCP Vault cluster is located in.
 - `public_endpoint` (Boolean) Denotes that the cluster has a public endpoint. Defaults to false.
 - `region` (String) The region where the HCP Vault cluster is located.
 - `self_link` (String) A unique URL identifying the Vault cluster.

docs/resources/vault_cluster.md

@@ -55,6 +55,7 @@ resource "hcp_vault_cluster" "example" {
 - `min_vault_version` (String) The minimum Vault version to use when creating the cluster. If not specified, it is defaulted to the version that is currently recommended by HCP.
 - `paths_filter` (List of String) The performance replication [paths filter](https://developer.hashicorp.com/vault/tutorials/cloud-ops/vault-replication-terraform). Applies to performance replication secondaries only and operates in "deny" mode only.
 - `primary_link` (String) The `self_link` of the HCP Vault Plus tier cluster which is the primary in the performance replication setup with this HCP Vault Plus tier cluster. If not specified, it is a standalone Plus tier HCP Vault cluster.
+- `project_id` (String) The ID of the HCP project where the Vault cluster is located.
 - `public_endpoint` (Boolean) Denotes that the cluster has a public endpoint. Defaults to false.
 - `tier` (String) Tier of the HCP Vault cluster. Valid options for tiers - `dev`, `starter_small`, `standard_small`, `standard_medium`, `standard_large`, `plus_small`, `plus_medium`, `plus_large`. See [pricing information](https://cloud.hashicorp.com/pricing/vault). Changing a cluster's size or tier is only available to admins. See [Scale a cluster](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/guides/vault-scaling).
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
@@ -66,7 +67,6 @@ resource "hcp_vault_cluster" "example" {
 - `id` (String) The ID of this resource.
 - `namespace` (String) The name of the customer namespace this HCP Vault cluster is located in.
 - `organization_id` (String) The ID of the organization this HCP Vault cluster is located in.
-- `project_id` (String) The ID of the project this HCP Vault cluster is located in.
 - `region` (String) The region where the HCP Vault cluster is located.
 - `self_link` (String) A unique URL identifying the Vault cluster.
 - `state` (String) The state of the Vault cluster.

docs/resources/vault_cluster_admin_token.md

@@ -35,6 +35,7 @@ resource "hcp_vault_cluster_admin_token" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Vault cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

internal/provider/data_source_vault_cluster.go

@@ -10,6 +10,7 @@ import (
 	sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	"github.com/hashicorp/terraform-provider-hcp/internal/clients"
 )
@@ -29,6 +30,14 @@ func dataSourceVaultCluster() *schema.Resource {
 				Required:         true,
 				ValidateDiagFunc: validateSlugID,
 			},
+			// Optional inputs
+			"project_id": {
+				Description:  "The ID of the HCP project where the Vault cluster is located.",
+				Type:         schema.TypeString,
+				Computed:     true,
+				Optional:     true,
+				ValidateFunc: validation.IsUUID,
+			},
 			// computed outputs
 			"hvn_id": {
 				Description: "The ID of the HVN this HCP Vault cluster is associated to.",
@@ -55,11 +64,6 @@ func dataSourceVaultCluster() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
-			"project_id": {
-				Description: "The ID of the project this HCP Vault cluster is located in.",
-				Type:        schema.TypeString,
-				Computed:    true,
-			},
 			"cloud_provider": {
 				Description: "The provider where the HCP Vault cluster is located.",
 				Type:        schema.TypeString,
@@ -209,9 +213,14 @@ func dataSourceVaultClusterRead(ctx context.Context, d *schema.ResourceData, met
 	clusterID := d.Get("cluster_id").(string)
 	client := meta.(*clients.Client)
 
+	projectID, err := GetProjectID(d.Get("project_id").(string), client.Config.ProjectID)
+	if err != nil {
+		return diag.Errorf("unable to retrieve project ID: %v", err)
+	}
+
 	loc := &sharedmodels.HashicorpCloudLocationLocation{
 		OrganizationID: client.Config.OrganizationID,
-		ProjectID:      client.Config.ProjectID,
+		ProjectID:      projectID,
 	}
 
 	log.Printf("[INFO] Reading Vault cluster (%s) [project_id=%s, organization_id=%s]", clusterID, loc.ProjectID, loc.OrganizationID)

internal/provider/resource_vault_cluster.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	"github.com/hashicorp/terraform-provider-hcp/internal/clients"
 	"github.com/hashicorp/terraform-provider-hcp/internal/input"
@@ -65,6 +66,14 @@ func resourceVaultCluster() *schema.Resource {
 				ValidateDiagFunc: validateSlugID,
 			},
 			// Optional fields
+			"project_id": {
+				Description:  "The ID of the HCP project where the Vault cluster is located.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.IsUUID,
+				Computed:     true,
+			},
 			"tier": {
 				Description:      "Tier of the HCP Vault cluster. Valid options for tiers - `dev`, `starter_small`, `standard_small`, `standard_medium`, `standard_large`, `plus_small`, `plus_medium`, `plus_large`. See [pricing information](https://cloud.hashicorp.com/pricing/vault). Changing a cluster's size or tier is only available to admins. See [Scale a cluster](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/guides/vault-scaling).",
 				Type:             schema.TypeString,
@@ -110,11 +119,6 @@ func resourceVaultCluster() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
-			"project_id": {
-				Description: "The ID of the project this HCP Vault cluster is located in.",
-				Type:        schema.TypeString,
-				Computed:    true,
-			},
 			"cloud_provider": {
 				Description: "The provider where the HCP Vault cluster is located.",
 				Type:        schema.TypeString,
@@ -304,9 +308,14 @@ func resourceVaultClusterCreate(ctx context.Context, d *schema.ResourceData, met
 
 	clusterID := d.Get("cluster_id").(string)
 	hvnID := d.Get("hvn_id").(string)
+	projectID, err := GetProjectID(d.Get("project_id").(string), client.Config.ProjectID)
+	if err != nil {
+		return diag.Errorf("unable to retrieve project ID: %v", err)
+	}
+
 	loc := &sharedmodels.HashicorpCloudLocationLocation{
 		OrganizationID: client.Config.OrganizationID,
-		ProjectID:      client.Config.ProjectID,
+		ProjectID:      projectID,
 	}
 
 	// Get metrics audit config and MVU config first so we can validate and fail faster.

internal/provider/resource_vault_cluster_admin_token.go

@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-hcp/internal/clients"
 )
 
@@ -42,6 +43,15 @@ func resourceVaultClusterAdminToken() *schema.Resource {
 				ForceNew:         true,
 				ValidateDiagFunc: validateSlugID,
 			},
+			// Optional inputs
+			"project_id": {
+				Description:  "The ID of the HCP project where the HCP Vault cluster is located.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.IsUUID,
+				Computed:     true,
+			},
 			// computed outputs
 			"created_at": {
 				Description: "The time that the admin token was created.",
@@ -63,10 +73,14 @@ func resourceVaultClusterAdminTokenCreate(ctx context.Context, d *schema.Resourc
 	client := meta.(*clients.Client)
 
 	clusterID := d.Get("cluster_id").(string)
+	projectID, err := GetProjectID(d.Get("project_id").(string), client.Config.ProjectID)
+	if err != nil {
+		return diag.Errorf("unable to retrieve project ID: %v", err)
+	}
 
 	loc := &models.HashicorpCloudLocationLocation{
 		OrganizationID: client.Config.OrganizationID,
-		ProjectID:      client.Config.ProjectID,
+		ProjectID:      projectID,
 	}
 
 	log.Printf("[INFO] reading Vault cluster (%s) [project_id=%s, organization_id=%s]", clusterID, loc.ProjectID, loc.OrganizationID)