feat(pg): allow to modify user replication settings

CHANGELOG.md

@@ -8,6 +8,8 @@ nav_order: 1
 
 ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD
 
+- Allow to modify `pg_user` replication settings
+
 ## [4.9.0] - 2023-09-18
 
 - Fix IP Filter migrations error

docs/data-sources/pg_user.md

@@ -34,6 +34,6 @@ data "aiven_pg_user" "user" {
 - `access_cert` (String, Sensitive) Access certificate for the user
 - `access_key` (String, Sensitive) Access certificate key for the user
 - `id` (String) The ID of this resource.
-- `password` (String, Sensitive) The password of the PG User ( not applicable for all services ).
-- `pg_allow_replication` (Boolean) Defines whether replication is allowed. This property cannot be changed, doing so forces recreation of the resource.
+- `password` (String, Sensitive) The password of the PG User (not applicable for all services).
+- `pg_allow_replication` (Boolean) Defines whether replication is allowed.
 - `type` (String) Type of the user account. Tells whether the user is the primary account or a regular account.

docs/resources/pg_user.md

@@ -32,8 +32,8 @@ resource "aiven_pg_user" "foo" {
 
 ### Optional
 
-- `password` (String, Sensitive) The password of the PG User ( not applicable for all services ).
-- `pg_allow_replication` (Boolean) Defines whether replication is allowed. This property cannot be changed, doing so forces recreation of the resource.
+- `password` (String, Sensitive) The password of the PG User (not applicable for all services).
+- `pg_allow_replication` (Boolean) Defines whether replication is allowed.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

internal/sdkprovider/service/pg/pg_user.go

@@ -28,16 +28,12 @@ var aivenPGUserSchema = map[string]*schema.Schema{
 		Sensitive:        true,
 		Computed:         true,
 		DiffSuppressFunc: schemautil.EmptyObjectDiffSuppressFunc,
-		Description:      "The password of the PG User ( not applicable for all services ).",
+		Description:      "The password of the PG User (not applicable for all services).",
 	},
 	"pg_allow_replication": {
 		Type:        schema.TypeBool,
 		Optional:    true,
-		ForceNew:    true,
-		Description: userconfig.Desc("Defines whether replication is allowed.").ForceNew().Build(),
-		Elem: &schema.Schema{
-			Type: schema.TypeBool,
-		},
+		Description: "Defines whether replication is allowed.",
 	},
 
 	// computed fields
@@ -128,6 +124,23 @@ func resourcePGUserUpdate(ctx context.Context, d *schema.ResourceData, m interfa
 		return diag.FromErr(err)
 	}
 
+	if d.HasChange("pg_allow_replication") {
+		allowReplication := d.Get("pg_allow_replication").(bool)
+
+		op := "set-access-control"
+
+		_, err = client.ServiceUsers.Update(projectName, serviceName, username,
+			aiven.ModifyServiceUserRequest{
+				AccessControl: &aiven.AccessControl{
+					PostgresAllowReplication: &allowReplication,
+				},
+				Operation: &op,
+			})
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
 	return resourcePGUserRead(ctx, d, m)
 }
 

internal/sdkprovider/service/pg/pg_user_test.go

@@ -78,6 +78,28 @@ func TestAccAivenPGUser_pg_replica(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "true"),
 				),
 			},
+			{
+				Config: testAccPGUserPgReplicationDisableResource(rName),
+				Check: resource.ComposeTestCheckFunc(
+					schemautil.TestAccCheckAivenServiceUserAttributes("data.aiven_pg_user.user"),
+					resource.TestCheckResourceAttr(resourceName, "service_name", fmt.Sprintf("test-acc-sr-%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "project", os.Getenv("AIVEN_PROJECT_NAME")),
+					resource.TestCheckResourceAttr(resourceName, "username", fmt.Sprintf("user-%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "password", "Test$1234"),
+					resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "false"),
+				),
+			},
+			{
+				Config: testAccPGUserPgReplicationEnableResource(rName),
+				Check: resource.ComposeTestCheckFunc(
+					schemautil.TestAccCheckAivenServiceUserAttributes("data.aiven_pg_user.user"),
+					resource.TestCheckResourceAttr(resourceName, "service_name", fmt.Sprintf("test-acc-sr-%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "project", os.Getenv("AIVEN_PROJECT_NAME")),
+					resource.TestCheckResourceAttr(resourceName, "username", fmt.Sprintf("user-%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "password", "Test$1234"),
+					resource.TestCheckResourceAttr(resourceName, "pg_allow_replication", "true"),
+				),
+			},
 		},
 	})
 }
@@ -143,6 +165,70 @@ data "aiven_pg_user" "user" {
 }`, os.Getenv("AIVEN_PROJECT_NAME"), name, name)
 }
 
+func testAccPGUserPgReplicationDisableResource(name string) string {
+	return fmt.Sprintf(`
+data "aiven_project" "foo" {
+  project = "%s"
+}
+
+resource "aiven_pg" "bar" {
+  project      = data.aiven_project.foo.project
+  cloud_name   = "google-europe-west1"
+  plan         = "startup-4"
+  service_name = "test-acc-sr-%s"
+}
+
+resource "aiven_pg_user" "foo" {
+  service_name         = aiven_pg.bar.service_name
+  project              = aiven_pg.bar.project
+  username             = "user-%s"
+  password             = "Test$1234"
+  pg_allow_replication = false
+
+  depends_on = [aiven_pg.bar]
+}
+
+data "aiven_pg_user" "user" {
+  service_name = aiven_pg_user.foo.service_name
+  project      = aiven_pg_user.foo.project
+  username     = aiven_pg_user.foo.username
+
+  depends_on = [aiven_pg_user.foo]
+}`, os.Getenv("AIVEN_PROJECT_NAME"), name, name)
+}
+
+func testAccPGUserPgReplicationEnableResource(name string) string {
+	return fmt.Sprintf(`
+data "aiven_project" "foo" {
+  project = "%s"
+}
+
+resource "aiven_pg" "bar" {
+  project      = data.aiven_project.foo.project
+  cloud_name   = "google-europe-west1"
+  plan         = "startup-4"
+  service_name = "test-acc-sr-%s"
+}
+
+resource "aiven_pg_user" "foo" {
+  service_name         = aiven_pg.bar.service_name
+  project              = aiven_pg.bar.project
+  username             = "user-%s"
+  password             = "Test$1234"
+  pg_allow_replication = true
+
+  depends_on = [aiven_pg.bar]
+}
+
+data "aiven_pg_user" "user" {
+  service_name = aiven_pg_user.foo.service_name
+  project      = aiven_pg_user.foo.project
+  username     = aiven_pg_user.foo.username
+
+  depends_on = [aiven_pg_user.foo]
+}`, os.Getenv("AIVEN_PROJECT_NAME"), name, name)
+}
+
 func testAccPGUserNewPasswordResource(name string) string {
 	return fmt.Sprintf(`
 data "aiven_project" "foo" {