From c78cc4e723a3004e1bf3e5585ae56364f6c2519c Mon Sep 17 00:00:00 2001 From: Aleksander Zaruczewski Date: Wed, 20 Sep 2023 21:45:05 +0300 Subject: [PATCH] feat(pg): allow to modify user replication settings (#1364) --- CHANGELOG.md | 2 + docs/data-sources/pg_user.md | 4 +- docs/resources/pg_user.md | 4 +- internal/sdkprovider/service/pg/pg_user.go | 25 ++++-- .../sdkprovider/service/pg/pg_user_test.go | 86 +++++++++++++++++++ 5 files changed, 111 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 256547f72..4f7c9dfe3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ nav_order: 1 ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD +- Allow to modify `pg_user` replication settings + ## [4.9.0] - 2023-09-18 - Fix IP Filter migrations error diff --git a/docs/data-sources/pg_user.md b/docs/data-sources/pg_user.md index 9244ac325..a93a91082 100644 --- a/docs/data-sources/pg_user.md +++ b/docs/data-sources/pg_user.md @@ -34,6 +34,6 @@ data "aiven_pg_user" "user" { - `access_cert` (String, Sensitive) Access certificate for the user - `access_key` (String, Sensitive) Access certificate key for the user - `id` (String) The ID of this resource. -- `password` (String, Sensitive) The password of the PG User ( not applicable for all services ). -- `pg_allow_replication` (Boolean) Defines whether replication is allowed. This property cannot be changed, doing so forces recreation of the resource. +- `password` (String, Sensitive) The password of the PG User (not applicable for all services). +- `pg_allow_replication` (Boolean) Defines whether replication is allowed. - `type` (String) Type of the user account. Tells whether the user is the primary account or a regular account. diff --git a/docs/resources/pg_user.md b/docs/resources/pg_user.md index 607edba3a..db2f4f04b 100644 --- a/docs/resources/pg_user.md +++ b/docs/resources/pg_user.md @@ -32,8 +32,8 @@ resource "aiven_pg_user" "foo" { ### Optional -- `password` (String, Sensitive) The password of the PG User ( not applicable for all services ). -- `pg_allow_replication` (Boolean) Defines whether replication is allowed. This property cannot be changed, doing so forces recreation of the resource. +- `password` (String, Sensitive) The password of the PG User (not applicable for all services). +- `pg_allow_replication` (Boolean) Defines whether replication is allowed. - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts)) ### Read-Only diff --git a/internal/sdkprovider/service/pg/pg_user.go b/internal/sdkprovider/service/pg/pg_user.go index 68b96d21b..3e514c124 100644 --- a/internal/sdkprovider/service/pg/pg_user.go +++ b/internal/sdkprovider/service/pg/pg_user.go @@ -28,16 +28,12 @@ var aivenPGUserSchema = map[string]*schema.Schema{ Sensitive: true, Computed: true, DiffSuppressFunc: schemautil.EmptyObjectDiffSuppressFunc, - Description: "The password of the PG User ( not applicable for all services ).", + Description: "The password of the PG User (not applicable for all services).", }, "pg_allow_replication": { Type: schema.TypeBool, Optional: true, - ForceNew: true, - Description: userconfig.Desc("Defines whether replication is allowed.").ForceNew().Build(), - Elem: &schema.Schema{ - Type: schema.TypeBool, - }, + Description: "Defines whether replication is allowed.", }, // computed fields @@ -128,6 +124,23 @@ func resourcePGUserUpdate(ctx context.Context, d *schema.ResourceData, m interfa return diag.FromErr(err) } + if d.HasChange("pg_allow_replication") { + allowReplication := d.Get("pg_allow_replication").(bool) + + op := "set-access-control" + + _, err = client.ServiceUsers.Update(projectName, serviceName, username, + aiven.ModifyServiceUserRequest{ + AccessControl: &aiven.AccessControl{ + PostgresAllowReplication: &allowReplication, + }, + Operation: &op, + }) + if err != nil { + return diag.FromErr(err) + } + } + return resourcePGUserRead(ctx, d, m) } diff --git a/internal/sdkprovider/service/pg/pg_user_test.go b/internal/sdkprovider/service/pg/pg_user_test.go index 58ef9b926..66c6ba07b 100644 --- a/internal/sdkprovider/service/pg/pg_user_test.go +++ b/internal/sdkprovider/service/pg/pg_user_test.go @@ -78,6 +78,28 @@ func TestAccAivenPGUser_pg_replica(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "true"), ), }, + { + Config: testAccPGUserPgReplicationDisableResource(rName), + Check: resource.ComposeTestCheckFunc( + schemautil.TestAccCheckAivenServiceUserAttributes("data.aiven_pg_user.user"), + resource.TestCheckResourceAttr(resourceName, "service_name", fmt.Sprintf("test-acc-sr-%s", rName)), + resource.TestCheckResourceAttr(resourceName, "project", os.Getenv("AIVEN_PROJECT_NAME")), + resource.TestCheckResourceAttr(resourceName, "username", fmt.Sprintf("user-%s", rName)), + resource.TestCheckResourceAttr(resourceName, "password", "Test$1234"), + resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "false"), + ), + }, + { + Config: testAccPGUserPgReplicationEnableResource(rName), + Check: resource.ComposeTestCheckFunc( + schemautil.TestAccCheckAivenServiceUserAttributes("data.aiven_pg_user.user"), + resource.TestCheckResourceAttr(resourceName, "service_name", fmt.Sprintf("test-acc-sr-%s", rName)), + resource.TestCheckResourceAttr(resourceName, "project", os.Getenv("AIVEN_PROJECT_NAME")), + resource.TestCheckResourceAttr(resourceName, "username", fmt.Sprintf("user-%s", rName)), + resource.TestCheckResourceAttr(resourceName, "password", "Test$1234"), + resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "true"), + ), + }, }, }) } @@ -143,6 +165,70 @@ data "aiven_pg_user" "user" { }`, os.Getenv("AIVEN_PROJECT_NAME"), name, name) } +func testAccPGUserPgReplicationDisableResource(name string) string { + return fmt.Sprintf(` +data "aiven_project" "foo" { + project = "%s" +} + +resource "aiven_pg" "bar" { + project = data.aiven_project.foo.project + cloud_name = "google-europe-west1" + plan = "startup-4" + service_name = "test-acc-sr-%s" +} + +resource "aiven_pg_user" "foo" { + service_name = aiven_pg.bar.service_name + project = aiven_pg.bar.project + username = "user-%s" + password = "Test$1234" + pg_allow_replication = false + + depends_on = [aiven_pg.bar] +} + +data "aiven_pg_user" "user" { + service_name = aiven_pg_user.foo.service_name + project = aiven_pg_user.foo.project + username = aiven_pg_user.foo.username + + depends_on = [aiven_pg_user.foo] +}`, os.Getenv("AIVEN_PROJECT_NAME"), name, name) +} + +func testAccPGUserPgReplicationEnableResource(name string) string { + return fmt.Sprintf(` +data "aiven_project" "foo" { + project = "%s" +} + +resource "aiven_pg" "bar" { + project = data.aiven_project.foo.project + cloud_name = "google-europe-west1" + plan = "startup-4" + service_name = "test-acc-sr-%s" +} + +resource "aiven_pg_user" "foo" { + service_name = aiven_pg.bar.service_name + project = aiven_pg.bar.project + username = "user-%s" + password = "Test$1234" + pg_allow_replication = true + + depends_on = [aiven_pg.bar] +} + +data "aiven_pg_user" "user" { + service_name = aiven_pg_user.foo.service_name + project = aiven_pg_user.foo.project + username = aiven_pg_user.foo.username + + depends_on = [aiven_pg_user.foo] +}`, os.Getenv("AIVEN_PROJECT_NAME"), name, name) +} + func testAccPGUserNewPasswordResource(name string) string { return fmt.Sprintf(` data "aiven_project" "foo" {