[RDS]: read replica ssl support (#2646)

[RDS]: read replica ssl support Summary of the Pull Request Implement ssl for rds read replica. PR Checklist Refers to: #2644 Tests added/passed. Documentation updated. Schema updated. Release notes added. Acceptance Steps Performed === RUN TestAccRdsReadReplicaV3SSL --- PASS: TestAccRdsReadReplicaV3SSL (1166.68s) PASS Process finished with the exit code 0 === RUN TestAccRdsReadReplicaV3Basic --- PASS: TestAccRdsReadReplicaV3Basic (950.80s) PASS Process finished with the exit code 0 Reviewed-by: Anton Sidelnikov
opentelekomcloud · Sep 5, 2024 · b1c341f · b1c341f
1 parent 17d0529
commit b1c341f
Show file tree

Hide file tree

Showing 4 changed files with 213 additions and 0 deletions.
diff --git a/docs/resources/rds_read_replica_v3.md b/docs/resources/rds_read_replica_v3.md
@@ -77,6 +77,8 @@ The following arguments are supported:
 * `public_ips` - (Optional) Specifies floating IP to be assigned to the instance.
   This should be a list with single element only.
 
+* `ssl_enable` - (Optional) Specifies whether SSL should be enabled for MySql instances.
+
 * `volume` - Specifies the volume information. Structure is documented below.
 
 The `volume` block supports:

diff --git a/opentelekomcloud/acceptance/rds/resource_opentelekomcloud_rds_read_replica_v3_test.go b/opentelekomcloud/acceptance/rds/resource_opentelekomcloud_rds_read_replica_v3_test.go
@@ -58,6 +58,41 @@ func TestAccRdsReadReplicaV3Basic(t *testing.T) {
 	})
 }
 
+func TestAccRdsReadReplicaV3SSL(t *testing.T) {
+	postfix := tools.RandomString("rr", 3)
+	var rdsInstance instances.InstanceResponse
+
+	resName := "opentelekomcloud_rds_read_replica_v3.replica"
+
+	secondAZ := "eu-de-03"
+
+	if env.OS_AVAILABILITY_ZONE == secondAZ {
+		t.Skip("OS_AVAILABILITY_ZONE should be set to value !=", secondAZ)
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckRdsInstanceV3Destroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRdsReadReplicaV3SSLEnabled(postfix),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRdsInstanceV3Exists(resName, &rdsInstance),
+					resource.TestCheckResourceAttr(resName, "ssl_enable", "true"),
+				),
+			},
+			{
+				Config: testAccRdsReadReplicaV3SSLDisabled(postfix),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRdsInstanceV3Exists(resName, &rdsInstance),
+					resource.TestCheckResourceAttr(resName, "ssl_enable", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccRdsReadReplicaV3Basic(postfix string) string {
 	return fmt.Sprintf(`
 %s
@@ -160,3 +195,101 @@ resource "opentelekomcloud_rds_read_replica_v3" "replica" {
 }
 `, common.DataSourceSecGroupDefault, common.DataSourceSubnet, postfix, env.OS_AVAILABILITY_ZONE)
 }
+
+func testAccRdsReadReplicaV3SSLEnabled(postfix string) string {
+	return fmt.Sprintf(`
+%s
+
+%s
+
+resource "opentelekomcloud_rds_instance_v3" "instance" {
+  name              = "tf_rds_instance_%s"
+  availability_zone = ["%s"]
+  db {
+    password = "MySql!112822"
+    type     = "MySQL"
+    version  = "8.0"
+    port     = "8635"
+  }
+  security_group_id = data.opentelekomcloud_networking_secgroup_v2.default_secgroup.id
+  vpc_id            = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.vpc_id
+  subnet_id         = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
+  volume {
+    type = "COMMON"
+    size = 40
+  }
+  flavor = "rds.mysql.m1.large"
+  backup_strategy {
+    start_time = "08:00-09:00"
+    keep_days  = 1
+  }
+  tag = {
+    foo = "bar"
+    key = "value"
+  }
+}
+
+resource "opentelekomcloud_rds_read_replica_v3" "replica" {
+  name          = "test-replica"
+  replica_of_id = opentelekomcloud_rds_instance_v3.instance.id
+  flavor_ref    = "${opentelekomcloud_rds_instance_v3.instance.flavor}.rr"
+
+  availability_zone = "eu-de-03"
+  ssl_enable        = true
+
+  volume {
+    type = "COMMON"
+  }
+}
+
+
+`, common.DataSourceSecGroupDefault, common.DataSourceSubnet, postfix, env.OS_AVAILABILITY_ZONE)
+}
+
+func testAccRdsReadReplicaV3SSLDisabled(postfix string) string {
+	return fmt.Sprintf(`
+%s
+
+%s
+
+resource "opentelekomcloud_rds_instance_v3" "instance" {
+  name              = "tf_rds_instance_%s"
+  availability_zone = ["%s"]
+  db {
+    password = "MySql!112822"
+    type     = "MySQL"
+    version  = "8.0"
+    port     = "8635"
+  }
+  security_group_id = data.opentelekomcloud_networking_secgroup_v2.default_secgroup.id
+  vpc_id            = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.vpc_id
+  subnet_id         = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
+  volume {
+    type = "COMMON"
+    size = 40
+  }
+  flavor = "rds.mysql.m1.large"
+  backup_strategy {
+    start_time = "08:00-09:00"
+    keep_days  = 1
+  }
+  tag = {
+    foo = "bar"
+    key = "value"
+  }
+}
+
+resource "opentelekomcloud_rds_read_replica_v3" "replica" {
+  name          = "test-replica"
+  replica_of_id = opentelekomcloud_rds_instance_v3.instance.id
+  flavor_ref    = "${opentelekomcloud_rds_instance_v3.instance.flavor}.rr"
+
+  availability_zone = "eu-de-03"
+  ssl_enable        = false
+
+  volume {
+    type = "COMMON"
+  }
+}
+`, common.DataSourceSecGroupDefault, common.DataSourceSubnet, postfix, env.OS_AVAILABILITY_ZONE)
+}
diff --git a/opentelekomcloud/services/rds/resource_opentelekomcloud_rds_read_replica_v3.go b/opentelekomcloud/services/rds/resource_opentelekomcloud_rds_read_replica_v3.go
@@ -4,13 +4,17 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/extensions/layer3/floatingips"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/rds/v3/instances"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/rds/v3/security"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/fmterr"
@@ -101,6 +105,11 @@ func ResourceRdsReadReplicaV3() *schema.Resource {
 				MaxItems: 1,
 				Set:      schema.HashString,
 			},
+			"ssl_enable": {
+				Type:     schema.TypeBool,
+				Computed: true,
+				Optional: true,
+			},
 			"security_group_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -189,6 +198,13 @@ func resourceRdsReadReplicaV3Create(ctx context.Context, d *schema.ResourceData,
 		}
 	}
 
+	if sslEnable := d.Get("ssl_enable").(bool); sslEnable {
+		err = switchSsl(client, d, ctx, sslEnable)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
 	return resourceRdsReadReplicaV3Read(ctx, d, meta)
 }
 
@@ -242,6 +258,7 @@ func resourceRdsReadReplicaV3Read(_ context.Context, d *schema.ResourceData, met
 		d.Set("vpc_id", replica.VpcId),
 		d.Set("private_ips", replica.PrivateIps),
 		d.Set("region", replica.Region),
+		d.Set("ssl_enable", *replica.EnableSSL),
 		setReplicaPrivateIPs(d, meta, replica.PrivateIps),
 	)
 	if err := mErr.ErrorOrNil(); err != nil {
@@ -350,6 +367,13 @@ func resourceRdsReadReplicaV3Update(ctx context.Context, d *schema.ResourceData,
 		}
 	}
 
+	if d.HasChange("ssl_enable") {
+		err = switchSsl(client, d, ctx, d.Get("ssl_enable").(bool))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
 	return resourceRdsReadReplicaV3Read(ctx, d, meta)
 }
 
@@ -370,3 +394,53 @@ func resourceRdsReadReplicaV3Delete(_ context.Context, d *schema.ResourceData, m
 	d.SetId("")
 	return nil
 }
+
+func switchSsl(client *golangsdk.ServiceClient, d *schema.ResourceData, ctx context.Context, sslEnable bool) error {
+	replica, err := GetRdsInstance(client, d.Id())
+	if err != nil {
+		return fmt.Errorf("error finding RDS instance: %w", err)
+	}
+	if replica == nil {
+		d.SetId("")
+		return nil
+	}
+	if strings.ToLower(replica.DataStore.Type) == "mysql" {
+		updateOpts := security.SwitchSslOpts{
+			SslOption:  sslEnable,
+			InstanceId: d.Id(),
+		}
+		log.Printf("[DEBUG] Update opts of SSL configuration: %+v", updateOpts)
+		err := security.SwitchSsl(client, updateOpts)
+		if err != nil {
+			return fmt.Errorf("error updating instance SSL configuration: %s ", err)
+		}
+		stateConf := &resource.StateChangeConf{
+			Pending:      []string{"PENDING"},
+			Target:       []string{"SUCCESS"},
+			Refresh:      waitForSSLSwitch(d, client, sslEnable),
+			Timeout:      d.Timeout(schema.TimeoutCreate),
+			PollInterval: 5 * time.Second,
+		}
+
+		_, err = stateConf.WaitForStateContext(ctx)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func waitForSSLSwitch(d *schema.ResourceData, client *golangsdk.ServiceClient, status bool) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		rdsInstance, err := GetRdsInstance(client, d.Id())
+		if err != nil {
+			return nil, "", fmt.Errorf("error fetching RDS instance SSL status: %s", err)
+		}
+
+		if *rdsInstance.EnableSSL == status {
+			return rdsInstance, "SUCCESS", nil
+		}
+
+		return nil, "PENDING", nil
+	}
+}
diff --git a/releasenotes/notes/rds_replica_ssl-2da84496bef2be28.yaml b/releasenotes/notes/rds_replica_ssl-2da84496bef2be28.yaml
@@ -0,0 +1,4 @@
+---
+enhancements:
+  - |
+    **[RDS]** Add ssl support for ``resource/opentelekomcloud_rds_read_replica_v3`` (`#2646 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2646>`_)