mongodb · filipcirtog · Dec 4, 2025 · Dec 4, 2025 · Dec 10, 2025 · Dec 11, 2025
@@ -0,0 +1,15 @@
+```release-note:enhancement
+resource/mongodbatlas_privatelink_endpoint_service: Adds `port_mapping_enabled` attribute
+```
+
+```release-note:enhancement
+resource/mongodbatlas_privatelink_endpoint: Adds `port_mapping_enabled` attribute
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_privatelink_endpoint_service: Adds `port_mapping_enabled` attribute
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_privatelink_endpoint: Adds `port_mapping_enabled` attribute
+```
@@ -58,5 +58,6 @@ In addition to all arguments above, the following attributes are exported:
 * `endpoint_group_names` - GCP network endpoint groups corresponding to the Private Service Connect endpoint service.
 * `region_name` - GCP region for the Private Service Connect endpoint service.
 * `service_attachment_names` - Unique alphanumeric and special character strings that identify the service attachments associated with the GCP Private Service Connect endpoint service.
+* `port_mapping_enabled` - Flag that indicates whether this endpoint service uses PSC port-mapping.
 
 See [MongoDB Atlas API](https://docs.atlas.mongodb.com/reference/api/private-endpoints-service-get-one/) Documentation for more information.
@@ -122,5 +122,6 @@ In addition to all arguments above, the following attributes are exported:
   * `endpoint_name` - Forwarding rule that corresponds to the endpoint you created in GCP.
   * `ip_address` - Private IP address of the network endpoint group you created in GCP.
   * `status` - Status of the endpoint. Atlas returns one of the [values shown above](https://docs.atlas.mongodb.com/reference/api/private-endpoints-endpoint-create-one/#std-label-ref-status-field).
+* `port_mapping_enabled` - Flag that indicates whether this endpoint service uses PSC port-mapping.
 
 See [MongoDB Atlas API](https://docs.atlas.mongodb.com/reference/api/private-endpoints-endpoint-get-one/) Documentation for more information.
@@ -47,6 +47,7 @@ resource "mongodbatlas_privatelink_endpoint" "test" {
 Accepted values are: [AWS regions](https://docs.atlas.mongodb.com/reference/amazon-aws/#amazon-aws), [AZURE regions](https://docs.atlas.mongodb.com/reference/microsoft-azure/#microsoft-azure) and [GCP regions](https://docs.atlas.mongodb.com/reference/google-gcp/#std-label-google-gcp)
 * `timeouts`- (Optional) The duration of time to wait for Private Endpoint to be created or deleted. The timeout value is defined by a signed sequence of decimal numbers with a time unit suffix such as: `1h45m`, `300s`, `10m`, etc. The valid time units are:  `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. The default timeout for Private Endpoint create & delete is `1h`. Learn more about timeouts [here](https://www.terraform.io/plugin/sdkv2/resources/retries-and-customizable-timeouts).
 * `delete_on_create_timeout`- (Optional) Indicates whether to delete the resource being created if a timeout is reached when waiting for completion. When set to `true` and timeout occurs, it triggers the deletion and returns immediately without waiting for deletion to complete. When set to `false`, the timeout will not trigger resource deletion. If you suspect a transient error when the value is `true`, wait before retrying to allow resource deletion to finish. Default is `true`.
+* `port_mapping_enabled` - (Optional) Flag that indicates whether this endpoint service uses PSC port-mapping.
 
 ## Attributes Reference
 

@@ -200,6 +200,7 @@ In addition to all arguments above, the following attributes are exported:
 * `endpoint_group_name` - (Optional) Unique identifier of the endpoint group. The endpoint group encompasses all of the endpoints that you created in GCP.
 * `endpoints` - Collection of individual private endpoints that comprise your network endpoint group.
   * `status` - Status of the endpoint. Atlas returns one of the [values shown above](https://docs.atlas.mongodb.com/reference/api/private-endpoints-endpoint-create-one/#std-label-ref-status-field).
+* `port_mapping_enabled` - Flag that indicates whether this endpoint service uses PSC port-mapping.
 
 ## Import
 Private Endpoint Link Connection can be imported using project ID and username, in the format `{project_id}--{private_link_id}--{endpoint_service_id}--{provider_name}`, e.g.

@@ -81,6 +81,10 @@ func DataSource() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"port_mapping_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -143,6 +147,10 @@ func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.
 		return diag.FromErr(fmt.Errorf(ErrorPrivateLinkEndpointsSetting, "service_attachment_names", privateLinkID, err))
 	}
 
+	if err := d.Set("port_mapping_enabled", privateEndpoint.GetPortMappingEnabled()); err != nil {
+		return diag.FromErr(fmt.Errorf(ErrorPrivateLinkEndpointsSetting, "port_mapping_enabled", privateLinkID, err))
+	}
+
 	d.SetId(conversion.EncodeStateID(map[string]string{
 		"private_link_id": privateEndpoint.GetId(),
 		"project_id":      projectID,

@@ -110,6 +110,11 @@ func Resource() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"port_mapping_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
 			"delete_on_create_timeout": { // Don't use Default: true to avoid unplanned changes when upgrading from previous versions.
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -136,6 +141,10 @@ func resourceCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.
 		Region:       region,
 	}
 
+	if portMappingEnabled, ok := d.GetOk("port_mapping_enabled"); ok {
+		request.PortMappingEnabled = conversion.Pointer(portMappingEnabled.(bool))
+	}
+
 	privateEndpoint, _, err := connV2.PrivateEndpointServicesApi.CreatePrivateEndpointService(ctx, projectID, request).Execute()
 	if err != nil {
 		return diag.FromErr(fmt.Errorf(errorPrivateLinkEndpointsCreate, err))
@@ -236,6 +245,10 @@ func resourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Di
 		return diag.FromErr(fmt.Errorf(ErrorPrivateLinkEndpointsSetting, "service_attachment_names", privateLinkID, err))
 	}
 
+	if err := d.Set("port_mapping_enabled", privateEndpoint.GetPortMappingEnabled()); err != nil {
+		return diag.FromErr(fmt.Errorf(ErrorPrivateLinkEndpointsSetting, "port_mapping_enabled", privateLinkID, err))
+	}
+
 	if privateEndpoint.GetErrorMessage() != "" {
 		return diag.FromErr(fmt.Errorf("privatelink endpoint is in a failed state: %s", privateEndpoint.GetErrorMessage()))
 	}

@@ -106,6 +106,81 @@ func TestAccNetworkRSPrivateLinkEndpointGCP_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(resourceName, "region"),
 					resource.TestCheckResourceAttr(resourceName, "provider_name", providerName),
 					resource.TestCheckResourceAttr(resourceName, "region", region),
+					resource.TestCheckResourceAttr(resourceName, "port_mapping_enabled", "false"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportStateIdFunc: importStateIDFunc(resourceName),
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccNetworkRSPrivateLinkEndpointGCP_basic_with_new_architecture_explicitly_enabled(t *testing.T) {
+	var (
+		resourceName       = "mongodbatlas_privatelink_endpoint.test"
+		orgID              = os.Getenv("MONGODB_ATLAS_ORG_ID")
+		projectName        = "test-acc-tf-p-gcp-port-based-routing-feature-flag-enabled"
-		projectName        = "test-acc-tf-p-gcp-port-based-routing-feature-flag-enabled"
+		projectName        = "test-acc-tf-p-gcp-port-mapping-enabled"
-		projectName        = "test-acc-tf-p-gcp-port-based-routing-feature-flag-enabled"
+		projectName        = "test-acc-tf-p-gcp-port-mapping-enabled"
+		region             = "us-west3"
+		providerName       = "GCP"
+		portMappingEnabled = true
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acc.PreCheckBasic(t) },
+		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+		CheckDestroy:             checkDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: configWithPortMapping(orgID, projectName, providerName, region, portMappingEnabled),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					checkExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "provider_name"),
+					resource.TestCheckResourceAttrSet(resourceName, "region"),
+					resource.TestCheckResourceAttr(resourceName, "provider_name", providerName),
+					resource.TestCheckResourceAttr(resourceName, "region", region),
+					resource.TestCheckResourceAttr(resourceName, "port_mapping_enabled", "true"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportStateIdFunc: importStateIDFunc(resourceName),
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccNetworkRSPrivateLinkEndpointGCP_basic_with_new_architecture_explicitly_disabled(t *testing.T) {
+	var (
+		resourceName       = "mongodbatlas_privatelink_endpoint.test"
+		orgID              = os.Getenv("MONGODB_ATLAS_ORG_ID")
+		projectName        = "test-acc-tf-p-gcp-port-based-routing-feature-flag-enabled"
+		region             = "us-west4"
+		providerName       = "GCP"
+		portMappingEnabled = false
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acc.PreCheckBasic(t) },
+		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+		CheckDestroy:             checkDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: configWithPortMapping(orgID, projectName, providerName, region, portMappingEnabled),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					checkExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "provider_name"),
+					resource.TestCheckResourceAttrSet(resourceName, "region"),
+					resource.TestCheckResourceAttr(resourceName, "provider_name", providerName),
+					resource.TestCheckResourceAttr(resourceName, "region", region),
+					resource.TestCheckResourceAttr(resourceName, "port_mapping_enabled", "false"),
 				),
 			},
 			{
@@ -210,3 +285,17 @@ func configBasic(orgID, projectName, providerName, region string) string {
 		}
 	`, orgID, projectName, providerName, region)
 }
+
+func configWithPortMapping(orgID, projectName, providerName, region string, portMappingEnabled bool) string {
+	return fmt.Sprintf(`  
+		data "mongodbatlas_project" "test" {        
+			name   = %[2]q      
+		}        
+		resource "mongodbatlas_privatelink_endpoint" "test" {        
+			project_id         = data.mongodbatlas_project.test.id        
+			provider_name      = %[3]q        
+			region             = %[4]q        
+			port_mapping_enabled = %[5]t      
+		}        
+	`, orgID, projectName, providerName, region, portMappingEnabled)
+}
@@ -92,6 +92,10 @@ func DataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"port_mapping_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -137,6 +141,10 @@ func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.
 		if err := d.Set("gcp_status", serviceEndpoint.GetStatus()); err != nil {
 			return diag.FromErr(fmt.Errorf(errorEndpointSetting, "gcp_status", endpointServiceID, err))
 		}
+
+		if err := d.Set("port_mapping_enabled", serviceEndpoint.GetPortMappingEnabled()); err != nil {
+			return diag.FromErr(fmt.Errorf(errorEndpointSetting, "port_mapping_enabled", privateLinkID, err))
+		}
 	}
 
 	d.SetId(conversion.EncodeStateID(map[string]string{

@@ -137,6 +137,10 @@ func Resource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"port_mapping_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 		},
 		Timeouts: &schema.ResourceTimeout{
 			Create: schema.DefaultTimeout(2 * time.Hour),
@@ -290,6 +294,10 @@ func resourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Di
 	}
 
 	if providerName == "GCP" {
+		if err := d.Set("port_mapping_enabled", privateEndpoint.GetPortMappingEnabled()); err != nil {
+			return diag.FromErr(fmt.Errorf(errorEndpointSetting, "port_mapping_enabled", privateLinkID, err))
+		}
+
 		if err := d.Set("gcp_status", privateEndpoint.GetStatus()); err != nil {
 			return diag.FromErr(fmt.Errorf(errorEndpointSetting, "gcp_status", endpointServiceID, err))
 		}