From 549c5ff085e56c71f7e64ab36e924a9811378adf Mon Sep 17 00:00:00 2001 From: cts01586841 Date: Wed, 25 Dec 2024 18:04:42 +0800 Subject: [PATCH] resource/alicloud_db_instance: fix_add_ModifyDBInstanceConfig --- alicloud/resource_alicloud_db_instance.go | 113 +++++++- .../resource_alicloud_db_instance_test.go | 249 +++++++++++++++++- website/docs/r/db_instance.html.markdown | 13 +- 3 files changed, 368 insertions(+), 7 deletions(-) diff --git a/alicloud/resource_alicloud_db_instance.go b/alicloud/resource_alicloud_db_instance.go index ba8bba6a9825..017bfd9d404a 100644 --- a/alicloud/resource_alicloud_db_instance.go +++ b/alicloud/resource_alicloud_db_instance.go @@ -397,9 +397,26 @@ func resourceAliCloudDBInstance() *schema.Resource { Type: schema.TypeString, Optional: true, DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { - return d.Get("engine").(string) != "PostgreSQL" && d.Get("engine").(string) != "MySQL" && d.Get("engine").(string) != "SQLServer" + engine := d.Get("engine").(string) + encryptionKey := d.Get("encryption_key").(string) + if engine != "PostgreSQL" && engine != "MySQL" && engine != "SQLServer" { + return true + } + if engine == "PostgreSQL" { + if encryptionKey == "ServiceKey" && old != "" { + return true + } + if encryptionKey == "disabled" && old == "" { + return true + } + } + return false }, }, + "tde_encryption_key": { + Type: schema.TypeString, + Optional: true, + }, "zone_id_slave_a": { Type: schema.TypeString, Optional: true, @@ -606,6 +623,21 @@ func resourceAliCloudDBInstance() *schema.Resource { Optional: true, ValidateFunc: StringInSlice([]string{"Up", "Down", "TempUpgrade", "Serverless"}, false), }, + "pg_bouncer_enabled": { + Type: schema.TypeBool, + Optional: true, + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + return d.Get("engine").(string) != "PostgreSQL" + }, + }, + "recovery_model": { + Type: schema.TypeString, + Optional: true, + Computed: true, + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + return d.Get("engine").(string) != "SQLServer" + }, + }, }, } } @@ -1122,7 +1154,7 @@ func resourceAliCloudDBInstanceUpdate(d *schema.ResourceData, meta interface{}) if v, ok := d.GetOk("role_arn"); ok && v.(string) != "" { request["RoleARN"] = v.(string) } - if v, ok := d.GetOk("encryption_key"); ok && v.(string) != "" { + if v, ok := d.GetOk("tde_encryption_key"); ok && v.(string) != "" { request["EncryptionKey"] = v.(string) if ro, ok := request["RoleARN"].(string); !ok || ro == "" { roleArn, err := findKmsRoleArn(client, v.(string)) @@ -1561,6 +1593,69 @@ func resourceAliCloudDBInstanceUpdate(d *schema.ResourceData, meta interface{}) } } + handleConfigChange := func(configName string, configValue interface{}) error { + action := "ModifyDBInstanceConfig" + request := map[string]interface{}{ + "RegionId": client.RegionId, + "DBInstanceId": d.Id(), + "ConfigName": configName, + "ConfigValue": configValue, + } + var response map[string]interface{} + wait := incrementalWait(3*time.Second, 3*time.Second) + err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError { + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2014-08-15"), StringPointer("AK"), nil, request, &runtime) + if err != nil { + if NeedRetry(err) { + wait() + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + return nil + }) + if err != nil { + return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) + } + addDebug(action, response, request) + + stateConf := BuildStateConf([]string{}, []string{"Running"}, d.Timeout(schema.TimeoutUpdate), 5*time.Second, rdsService.RdsDBInstanceStateRefreshFunc(d.Id(), []string{"Deleting"})) + if _, err := stateConf.WaitForState(); err != nil { + return WrapErrorf(err, IdMsg, d.Id()) + } + return nil + } + if "PostgreSQL" == d.Get("engine").(string) { + if d.HasChange("pg_bouncer_enabled") { + if err := handleConfigChange("pgbouncer", d.Get("pg_bouncer_enabled")); err != nil { + return err + } + } + + if d.HasChange("encryption_key") { + if v, ok := d.GetOk("encryption_key"); ok { + var configValue string + if v.(string) == "disabled" { + configValue = "disabled" + } else { + configValue = v.(string) + } + if err := handleConfigChange("encryptionKey", configValue); err != nil { + return err + } + } + } + + } + + if "SQLServer" == d.Get("engine").(string) { + if d.HasChange("recovery_model") { + if err := handleConfigChange("backup_recovery_model", d.Get("recovery_model")); err != nil { + return err + } + } + } + if !d.IsNewResource() && (d.HasChange("target_minor_version") || d.HasChange("upgrade_db_instance_kernel_version")) { action := "UpgradeDBInstanceKernelVersion" request := map[string]interface{}{ @@ -1659,6 +1754,17 @@ func resourceAliCloudDBInstanceRead(d *schema.ResourceData, meta interface{}) er if err != nil { return WrapError(err) } + if "PostgreSQL" == instance["Engine"] { + DBInstanceEncryptionKey, err := rdsService.DescribeDBInstanceEncryptionKey(d.Id()) + if err != nil { + return WrapError(err) + } + d.Set("encryption_key", "") + if DBInstanceEncryptionKey["EncryptionKey"] != "" { + d.Set("encryption_key", DBInstanceEncryptionKey["EncryptionKey"]) + } + } + describeDBInstanceHAConfigObject, err := rdsService.DescribeDBInstanceHAConfig(d.Id()) hostInstanceInfos := describeDBInstanceHAConfigObject["HostInstanceInfos"].(map[string]interface{})["NodeInfo"].([]interface{}) var nodeId string @@ -1708,6 +1814,7 @@ func resourceAliCloudDBInstanceRead(d *schema.ResourceData, meta interface{}) er d.Set("zone_id", instance["ZoneId"]) d.Set("status", instance["DBInstanceStatus"]) d.Set("create_time", instance["CreationTime"]) + d.Set("pg_bouncer_enabled", instance["PGBouncerEnabled"]) // MySQL Serverless instance query PayType return SERVERLESS, need to be consistent with the participant. payType := instance["PayType"] @@ -1763,6 +1870,8 @@ func resourceAliCloudDBInstanceRead(d *schema.ResourceData, meta interface{}) er } else if len(slaveZones) == 1 { d.Set("zone_id_slave_a", slaveZones[0].(map[string]interface{})["ZoneId"]) } + recoveryModel := instance["Extra"].(map[string]interface{})["RecoveryModel"] + d.Set("recovery_model", recoveryModel) if sqlCollectorPolicy["SQLCollectorStatus"] == "Enable" { d.Set("sql_collector_status", "Enabled") } else { diff --git a/alicloud/resource_alicloud_db_instance_test.go b/alicloud/resource_alicloud_db_instance_test.go index b9258e1e84c6..c0549d5e7bb7 100644 --- a/alicloud/resource_alicloud_db_instance_test.go +++ b/alicloud/resource_alicloud_db_instance_test.go @@ -640,8 +640,9 @@ func TestAccAliCloudRdsDBInstance_VpcId(t *testing.T) { }, { Config: testAccConfig(map[string]interface{}{ - "tde_status": "Enabled", - "role_arn": "${data.alicloud_ram_roles.default.roles.0.arn}", + "tde_status": "Enabled", + "role_arn": "${data.alicloud_ram_roles.default.roles.0.arn}", + "tde_encryption_key": "${alicloud_kms_key.default.id}", }), Check: resource.ComposeTestCheckFunc( testAccCheck(map[string]string{ @@ -709,7 +710,7 @@ func TestAccAliCloudRdsDBInstance_VpcId(t *testing.T) { ResourceName: resourceId, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force", "force_restart", "db_is_ignore_case", "tde_status", "sql_collector_status", "role_arn"}, + ImportStateVerifyIgnore: []string{"force", "force_restart", "db_is_ignore_case", "tde_status", "sql_collector_status", "role_arn", "tde_encryption_key"}, }, }, }) @@ -829,6 +830,11 @@ resource "alicloud_security_group" "default" { name = var.name vpc_id = data.alicloud_vpcs.default.ids.0 } +resource "alicloud_kms_key" "default" { + description = var.name + pending_window_in_days = 7 + status = "Enabled" +} `, name) @@ -1456,7 +1462,7 @@ resource "alicloud_security_group" "default" { resource "alicloud_kms_key" "default" { description = var.name pending_window_in_days = 7 - key_state = "Enabled" + status = "Enabled" } `, name) @@ -3942,6 +3948,205 @@ func TestAccAliCloudRdsDBInstanceMysql_general_essd(t *testing.T) { }, }) } + +func TestAccAliCloudRdsDBInstancePostgreSQL(t *testing.T) { + var instance map[string]interface{} + resourceId := "alicloud_db_instance.default" + ra := resourceAttrInit(resourceId, instanceBasicMap7) + rc := resourceCheckInitWithDescribeMethod(resourceId, &instance, func() interface{} { + return &RdsService{testAccProvider.Meta().(*connectivity.AliyunClient)} + }, "DescribeDBInstance") + rac := resourceAttrCheckInit(rc, ra) + + testAccCheck := rac.resourceAttrMapUpdateSet() + name := fmt.Sprintf("tf-testAccDBInstanceConfig%d", rand.Intn(1000)) + testAccConfig := resourceTestAccConfigFunc(resourceId, name, resourceDBInstanceConfigGeneralEssdPgSql) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + IDRefreshName: resourceId, + Providers: testAccProviders, + CheckDestroy: rac.checkResourceDestroy(), + Steps: []resource.TestStep{ + { + Config: testAccConfig(map[string]interface{}{ + "engine": "PostgreSQL", + "engine_version": "17.0", + "instance_type": "pg.n4.2c.2m", + "instance_storage": "30", + "instance_charge_type": "Postpaid", + "instance_name": "${var.name}", + "vswitch_id": "${data.alicloud_vswitches.default.ids.0}", + "db_instance_storage_type": "general_essd", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "engine": "PostgreSQL", + "engine_version": "17.0", + "instance_type": CHECKSET, + "instance_storage": CHECKSET, + "instance_charge_type": CHECKSET, + "instance_name": name, + "db_instance_storage_type": "general_essd", + }), + ), + }, + { + Config: testAccConfig(map[string]interface{}{ + "pg_bouncer_enabled": "true", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "pg_bouncer_enabled": "true", + }), + ), + }, + { + Config: testAccConfig(map[string]interface{}{ + "pg_bouncer_enabled": "false", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "pg_bouncer_enabled": "false", + }), + ), + }, + { + Config: testAccConfig(map[string]interface{}{ + "encryption_key": "ServiceKey", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "encryption_key": CHECKSET, + }), + ), + }, + { + Config: testAccConfig(map[string]interface{}{ + "encryption_key": "disabled", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "encryption_key": "", + }), + ), + }, + { + ResourceName: resourceId, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_restart"}, + }, + }, + }) +} + +func resourceDBInstanceConfigGeneralEssdPgSql(name string) string { + return fmt.Sprintf(` +variable "name" { + default = "%s" +} +data "alicloud_db_zones" "default"{ + engine = "PostgreSQL" + engine_version = "17.0" +} + +data "alicloud_vpcs" "default" { + name_regex = "^default-NODELETING$" +} +data "alicloud_vswitches" "default" { + vpc_id = data.alicloud_vpcs.default.ids.0 + zone_id = data.alicloud_db_zones.default.zones.0.id +} +`, name) +} + +func TestAccAliCloudRdsDBInstanceSqlService_general_essd(t *testing.T) { + var instance map[string]interface{} + resourceId := "alicloud_db_instance.default" + ra := resourceAttrInit(resourceId, instanceBasicMap8) + rc := resourceCheckInitWithDescribeMethod(resourceId, &instance, func() interface{} { + return &RdsService{testAccProvider.Meta().(*connectivity.AliyunClient)} + }, "DescribeDBInstance") + rac := resourceAttrCheckInit(rc, ra) + + testAccCheck := rac.resourceAttrMapUpdateSet() + name := fmt.Sprintf("tf-testAccDBInstanceConfig%d", rand.Intn(1000)) + testAccConfig := resourceTestAccConfigFunc(resourceId, name, resourceDBInstanceConfigGeneralEssdSqlService) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + // module name + IDRefreshName: resourceId, + Providers: testAccProviders, + CheckDestroy: rac.checkResourceDestroy(), + Steps: []resource.TestStep{ + { + Config: testAccConfig(map[string]interface{}{ + "engine": "SQLServer", + "engine_version": "2022_web", + "instance_type": "mssql.x2.medium.w1", + "instance_storage": "50", + "instance_charge_type": "Postpaid", + "category": "Basic", + "instance_name": "${var.name}", + "vswitch_id": "${data.alicloud_vswitches.default.ids.0}", + "db_instance_storage_type": "general_essd", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "engine": "SQLServer", + "engine_version": "2022_web", + "instance_type": CHECKSET, + "instance_storage": CHECKSET, + "instance_charge_type": CHECKSET, + "instance_name": name, + "db_instance_storage_type": "general_essd", + }), + ), + }, + { + Config: testAccConfig(map[string]interface{}{ + "recovery_model": "simple", + }), + Check: resource.ComposeTestCheckFunc( + testAccCheck(map[string]string{ + "recovery_model": "simple", + }), + ), + }, + { + ResourceName: resourceId, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_restart"}, + }, + }, + }) +} + +func resourceDBInstanceConfigGeneralEssdSqlService(name string) string { + return fmt.Sprintf(` +variable "name" { + default = "%s" +} +data "alicloud_db_zones" "default"{ + engine = "SQLServer" + engine_version = "2022_web" +} + +data "alicloud_vpcs" "default" { + name_regex = "^default-NODELETING$" +} +data "alicloud_vswitches" "default" { + vpc_id = data.alicloud_vpcs.default.ids.0 + zone_id = data.alicloud_db_zones.default.zones.0.id +} + +`, name) +} func testAccCheckSecurityIpExists(n string, ips []map[string]interface{}) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -4074,3 +4279,39 @@ var instancePostgreSQLBasicMap = map[string]string{ "create_time": CHECKSET, "ssl_action": "Close", } +var instanceBasicMap7 = map[string]string{ + "engine": "PostgreSQL", + "engine_version": "17.0", + "instance_type": CHECKSET, + "db_instance_type": "Primary", + "instance_storage": "30", + "instance_name": "tf-testAccDBInstanceConfig", + "zone_id": CHECKSET, + "instance_charge_type": "Postpaid", + "connection_string": CHECKSET, + "status": CHECKSET, + "create_time": CHECKSET, + "ssl_action": "Close", +} +var instanceBasicMap8 = map[string]string{ + "engine": "SQLServer", + "engine_version": "2022_web", + "instance_type": CHECKSET, + "instance_storage": "50", + "instance_name": "tf-testAccDBInstanceConfig", + "zone_id": CHECKSET, + "instance_charge_type": "Postpaid", + "status": CHECKSET, + "create_time": CHECKSET, +} +var instanceBasicMap9 = map[string]string{ + "engine": "MySQL", + "engine_version": "8.0", + "instance_type": CHECKSET, + "instance_name": "tf-testAccDBInstanceConfig", + "zone_id": CHECKSET, + "instance_charge_type": "Postpaid", + "connection_string": CHECKSET, + "status": CHECKSET, + "create_time": CHECKSET, +} diff --git a/website/docs/r/db_instance.html.markdown b/website/docs/r/db_instance.html.markdown index 1c949f4721be..faed6de072bc 100644 --- a/website/docs/r/db_instance.html.markdown +++ b/website/docs/r/db_instance.html.markdown @@ -668,7 +668,14 @@ The following arguments are supported: -> **NOTE:** The attribute `ssl_action` will be ignored when setting `instance_charge_type = "Serverless"` for SQLServer, PostgreSQL or MariaDB. * `ssl_connection_string` - (Optional, Available since v1.198.0) The internal or public endpoint for which the server certificate needs to be created or updated. * `tde_status` - (Optional, Available since 1.90.0) The TDE(Transparent Data Encryption) status. After TDE is turned on, it cannot be turned off. See more [engine and engineVersion limitation](https://www.alibabacloud.com/help/zh/doc-detail/26256.htm). +-> **NOTE:** When creating an instance and enabling disk encryption, you can only use the Key ID; you cannot use the ServiceKey. * `encryption_key` - (Optional, Available since 1.109.0) The key id of the KMS. Used for encrypting a disk if not null. Only for PostgreSQL, MySQL and SQLServer. + When the instance is PostgreSQL, this parameter can be used to enable, modify, and disable cloud disk encryption.Value range: + - ServiceKey: Enable disk encryption using the service-managed key (Default Service CMK) automatically generated by Alibaba Cloud RDS. + - : Use a custom key to enable cloud disk encryption or change the current key. For example: 494c98ce-f2b5-48ab-96ab-36c986b6****. + - disabled: Turn off cloud disk encryption. +-> **NOTE:** This parameter is available when the instance runs MySQL. +* `tde_encryption_key` - (Optional, Available since 1.240.0) The ID of the custom key. * `ca_type` - (Optional, Available since 1.124.1) The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL or MySQL with standard or enhanced SSDs. If you set the SSLEnabled parameter to 1, the default value of this parameter is aliyun. **NOTE:** From version 1.231.0, `ca_type` start support `MySQL` engine. Value range: - aliyun: a cloud certificate - custom: a custom certificate @@ -695,7 +702,11 @@ The following arguments are supported: * `ha_config` - (Optional, Available since 1.128.0) The primary/secondary switchover mode of the instance. Default value: Auto. Valid values: - Auto: The system automatically switches over services from the primary to secondary instances in the event of a fault. - Manual: You must manually switch over services from the primary to secondary instances in the event of a fault. - +* `pg_bouncer_enabled`- (Optional, Available since 1.240.0) Modify the PgBouncer feature of the RDS PostgreSQL instance. Valid values: + - true: enable. + - false: disable. +* `recovery_model` - (Optional, Available since 1.240.0) Enable the Simple Recovery Model for an RDS SQL Server Instance.The Simple Recovery Model feature is only supported by the Basic Series of RDS SQL Server instances. Once this feature is enabled, it cannot be disabled.Valid values: + - simple: Enable Simple Recovery. -> **NOTE:** If you set this parameter to Manual, you must specify the ManualHATime parameter. * `manual_ha_time` - (Optional, Available since 1.128.0) The time after when you want to enable automatic primary/secondary switchover. At most, you can set this parameter to 23:59:59 seven days later. Specify the time in the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.