
Fix "SSL Mode and Require Connectors Support for AlloyDB (#9064)" to be backwards compatible #16202

Merged
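--- a/.changelog/9195.txt
+++ b/.changelog/9195.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+alloydb: added `client_connection_config` field to `google_alloydb_instance` resource
+```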
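--- a/google/services/alloydb/resource_alloydb_instance.go
+++ b/google/services/alloydb/resource_alloydb_instance.go
@@ -97,6 +97,40 @@ Zone is automatically chosen from the list of zones in the region specified.
 Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more
 can have regional availability (nodes are present in 2 or more zones in a region).' Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"]`,
 },
+"client_connection_config": {
+Type: schema.TypeList,
+Computed: true,
+Optional: true,
+Description: `Client connection specific configurations.`,
+MaxItems: 1,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"require_connectors": {
+Type: schema.TypeBool,
+Optional: true,
+Description: `Configuration to enforce connectors only (ex: AuthProxy) connections to the database.`,
+},
+"ssl_config": {
+Type: schema.TypeList,
+Computed: true,
+Optional: true,
+Description: `SSL config option for this instance.`,
+MaxItems: 1,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"ssl_mode": {
+Type: schema.TypeString,
+Computed: true,
+Optional: true,
+ValidateFunc: verify.ValidateEnum([]string{"ENCRYPTED_ONLY", "ALLOW_UNENCRYPTED_AND_ENCRYPTED", ""}),
+Description: `SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: ["ENCRYPTED_ONLY", "ALLOW_UNENCRYPTED_AND_ENCRYPTED"]`,
+},
+},
+},
+},
+},
+},
+},
 "database_flags": {
 Type: schema.TypeMap,
 Optional: true,
@@ -301,6 +335,12 @@ func resourceAlloydbInstanceCreate(d *schema.ResourceData, meta interface{}) err
 } else if v, ok := d.GetOkExists("machine_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(machineConfigProp)) && (ok || !reflect.DeepEqual(v, machineConfigProp)) {
 obj["machineConfig"] = machineConfigProp
 }
+clientConnectionConfigProp, err := expandAlloydbInstanceClientConnectionConfig(d.Get("client_connection_config"), d, config)
+if err != nil {
+return err
+} else if v, ok := d.GetOkExists("client_connection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(clientConnectionConfigProp)) && (ok || !reflect.DeepEqual(v, clientConnectionConfigProp)) {
+obj["clientConnectionConfig"] = clientConnectionConfigProp
+}
 labelsProp, err := expandAlloydbInstanceEffectiveLabels(d.Get("effective_labels"), d, config)
 if err != nil {
 return err
@@ -327,6 +367,34 @@ func resourceAlloydbInstanceCreate(d *schema.ResourceData, meta interface{}) err
 billingProject = bp
 }
 
+// Only set the default SSL mode if the user does not explicitly specify it
+var requireConnectors interface{}
+setDefaultSSLMode := false
+clientConnectionConfig := make(map[string]interface{})
+sslConfig := make(map[string]interface{})
+
+if obj["clientConnectionConfig"] != nil {
+c := obj["clientConnectionConfig"].(map[string]interface{})
+if c["requireConnectors"] != nil {
+requireConnectors = c["requireConnectors"]
+}
+if c["sslConfig"] != nil {
+s := c["sslConfig"].(map[string]interface{})
+if s["sslMode"] == nil {
+setDefaultSSLMode = true
+}
+} else {
+setDefaultSSLMode = true
+}
+} else {
+setDefaultSSLMode = true
+}
+if setDefaultSSLMode {
+sslConfig["sslMode"] = "ENCRYPTED_ONLY"
+clientConnectionConfig["sslConfig"] = sslConfig
+clientConnectionConfig["requireConnectors"] = requireConnectors
+obj["clientConnectionConfig"] = clientConnectionConfig
+}
 res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
 Config: config,
 Method: "POST",
@@ -440,6 +508,9 @@ func resourceAlloydbInstanceRead(d *schema.ResourceData, meta interface{}) error
 if err := d.Set("machine_config", flattenAlloydbInstanceMachineConfig(res["machineConfig"], d, config)); err != nil {
 return fmt.Errorf("Error reading Instance: %s", err)
 }
+if err := d.Set("client_connection_config", flattenAlloydbInstanceClientConnectionConfig(res["clientConnectionConfig"], d, config)); err != nil {
+return fmt.Errorf("Error reading Instance: %s", err)
+}
 if err := d.Set("terraform_labels", flattenAlloydbInstanceTerraformLabels(res["labels"], d, config)); err != nil {
 return fmt.Errorf("Error reading Instance: %s", err)
 }
@@ -506,6 +577,12 @@ func resourceAlloydbInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 } else if v, ok := d.GetOkExists("machine_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, machineConfigProp)) {
 obj["machineConfig"] = machineConfigProp
 }
+clientConnectionConfigProp, err := expandAlloydbInstanceClientConnectionConfig(d.Get("client_connection_config"), d, config)
+if err != nil {
+return err
+} else if v, ok := d.GetOkExists("client_connection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, clientConnectionConfigProp)) {
+obj["clientConnectionConfig"] = clientConnectionConfigProp
+}
 labelsProp, err := expandAlloydbInstanceEffectiveLabels(d.Get("effective_labels"), d, config)
 if err != nil {
 return err
@@ -555,6 +632,10 @@ func resourceAlloydbInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 updateMask = append(updateMask, "machineConfig")
 }
 
+if d.HasChange("client_connection_config") {
+updateMask = append(updateMask, "clientConnectionConfig")
+}
+
 if d.HasChange("effective_labels") {
 updateMask = append(updateMask, "labels")
 }
@@ -568,6 +649,31 @@ func resourceAlloydbInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 if err != nil {
 return err
 }
+// If the SSL mode isn't specified in the update, retain the SSL mode that's already present
+if d.HasChange("client_connection_config.0.ssl_config.0.ssl_mode") {
+old, new := d.GetChange("client_connection_config.0.ssl_config.0.ssl_mode")
+if tpgresource.IsEmptyValue(reflect.ValueOf(new)) {
+var c map[string]interface{}
+if obj["clientConnectionConfig"] == nil {
+c = make(map[string]interface{})
+} else {
+c = obj["clientConnectionConfig"].(map[string]interface{})
+}
+var s map[string]interface{}
+if c["sslConfig"] == nil {
+s = make(map[string]interface{})
+} else {
+s = c["sslConfig"].(map[string]interface{})
+}
+if tpgresource.IsEmptyValue(reflect.ValueOf(old)) {
+s["sslMode"] = "ENCRYPTED_ONLY"
+} else {
+s["sslMode"] = old
+}
+c["sslConfig"] = s
+obj["clientConnectionConfig"] = c
+}
+}
 
 // err == nil indicates that the billing_project value was found
 if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
@@ -867,6 +973,42 @@ func flattenAlloydbInstanceMachineConfigCpuCount(v interface{}, d *schema.Resour
 return v // let terraform core handle it otherwise
 }
 
+func flattenAlloydbInstanceClientConnectionConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+if v == nil {
+return nil
+}
+original := v.(map[string]interface{})
+if len(original) == 0 {
+return nil
+}
+transformed := make(map[string]interface{})
+transformed["require_connectors"] =
+flattenAlloydbInstanceClientConnectionConfigRequireConnectors(original["requireConnectors"], d, config)
+transformed["ssl_config"] =
+flattenAlloydbInstanceClientConnectionConfigSslConfig(original["sslConfig"], d, config)
+return []interface{}{transformed}
+}
+func flattenAlloydbInstanceClientConnectionConfigRequireConnectors(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+return v
+}
+
+func flattenAlloydbInstanceClientConnectionConfigSslConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+if v == nil {
+return nil
+}
+original := v.(map[string]interface{})
+if len(original) == 0 {
+return nil
+}
+transformed := make(map[string]interface{})
+transformed["ssl_mode"] =
+flattenAlloydbInstanceClientConnectionConfigSslConfigSslMode(original["sslMode"], d, config)
+return []interface{}{transformed}
+}
+func flattenAlloydbInstanceClientConnectionConfigSslConfigSslMode(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+return v
+}
+
 func flattenAlloydbInstanceTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 if v == nil {
 return v
@@ -1019,6 +1161,59 @@ func expandAlloydbInstanceMachineConfigCpuCount(v interface{}, d tpgresource.Ter
 return v, nil
 }
 
+func expandAlloydbInstanceClientConnectionConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+l := v.([]interface{})
+if len(l) == 0 || l[0] == nil {
+return nil, nil
+}
+raw := l[0]
+original := raw.(map[string]interface{})
+transformed := make(map[string]interface{})
+
+transformedRequireConnectors, err := expandAlloydbInstanceClientConnectionConfigRequireConnectors(original["require_connectors"], d, config)
+if err != nil {
+return nil, err
+} else if val := reflect.ValueOf(transformedRequireConnectors); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+transformed["requireConnectors"] = transformedRequireConnectors
+}
+
+transformedSslConfig, err := expandAlloydbInstanceClientConnectionConfigSslConfig(original["ssl_config"], d, config)
+if err != nil {
+return nil, err
+} else if val := reflect.ValueOf(transformedSslConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+transformed["sslConfig"] = transformedSslConfig
+}
+
+return transformed, nil
+}
+
+func expandAlloydbInstanceClientConnectionConfigRequireConnectors(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+return v, nil
+}
+
+func expandAlloydbInstanceClientConnectionConfigSslConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+l := v.([]interface{})
+if len(l) == 0 || l[0] == nil {
+return nil, nil
+}
+raw := l[0]
+original := raw.(map[string]interface{})
+transformed := make(map[string]interface{})
+
+transformedSslMode, err := expandAlloydbInstanceClientConnectionConfigSslConfigSslMode(original["ssl_mode"], d, config)
+if err != nil {
+return nil, err
+} else if val := reflect.ValueOf(transformedSslMode); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+transformed["sslMode"] = transformedSslMode
+}
+
+return transformed, nil
+}
+
+func expandAlloydbInstanceClientConnectionConfigSslConfigSslMode(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+return v, nil
+}
+
 func expandAlloydbInstanceEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
 if v == nil {
 return map[string]string{}, nil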
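Review bot: The `ssl_mode` description in the schema hunk does not say what an empty value means, although the create hunk sends `ENCRYPTED_ONLY` in that case and the update hunk keeps the previous mode, so an instance already on `ALLOW_UNENCRYPTED_AND_ENCRYPTED` keeps accepting unencrypted connections after the value is cleared. I would state that in the description, for example `If unset on create, ENCRYPTED_ONLY is sent; if cleared on update, the existing mode is retained.` In the create hunk the default branch also assigns `clientConnectionConfig["requireConnectors"] = requireConnectors` while `requireConnectors` may still be nil, which presumably goes out as an explicit null; wrapping that assignment in `if requireConnectors != nil { ... }` would keep the request body to what the user configured. resourceAlloydbInstanceCreate and resourceAlloydbInstanceUpdate both begin and end outside the visible hunks, so this is based only on the lines shown.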