fix(cynosdb): [123732429] support cynosdb ssl (#3350)

* support cynosdb ssl

* update doc

* add changelog

* update

* update

---------

Co-authored-by: mikatong <[email protected]>

Author: tongyiming

.changelog/3350.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_cynosdb_ssl
+```

go.mod

@@ -46,10 +46,10 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1107
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.1033
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1159
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1161
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.1153
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1111
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dbbrain v1.0.652
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dc v1.0.633

go.sum

@@ -969,6 +969,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1156 h1:Uz9
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1156/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1159 h1:Jl1XE3cY6Bz0lBexvX8z+u2KmDO3tnFxtwHIalM5YS4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1159/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1161 h1:S4dJSWhOtaPjp0/GO/yhzUC6DfZvpWhrnsEKaLxr73c=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1161/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993/go.mod h1:Z9U8zNtyuyKhjS0698wqsrG/kLx1TQ5CEixXBwVe7xY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU=
@@ -981,6 +983,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762 h1:2egy69S
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762/go.mod h1:1XylIfNUbAzmNqi4XMhwcM3VhmUHdu1OYybOeaJ4sOw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1111 h1:Y7LLIZEQh8OAbnBWppUopu2PjPaQOO9Jzhp8LZO7adI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1111/go.mod h1:hx4A0g62E4hq6vB0t9e/4vlUArok9R2qOYW5IzDiPYo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161 h1:0oG7oMuDBXN2WyRtTU/650zRhLAAmYBgpttNn53NhK0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161/go.mod h1:38t5HcmRqwC93ct7NgG82N+IQIjKLPLLvEUn263jejQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dasb v1.0.970 h1:qVIRHgG1twsqF4aVN/x2T2yMRfPpsZBTNefDkqzM06M=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dasb v1.0.970/go.mod h1:NJuuQD4z6vcnsZnC7Tvz2U9hElNS1wroc34UQbZvP2U=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335 h1:D8qrelkK5udv8RzJJIABMzItGIyaZoYnxEVeIsYqiNw=

tencentcloud/provider.go

@@ -1716,6 +1716,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_cynosdb_proxy_end_point":                                                  cynosdb.ResourceTencentCloudCynosdbProxyEndPoint(),
 			"tencentcloud_cynosdb_upgrade_proxy_version":                                            cynosdb.ResourceTencentCloudCynosdbUpgradeProxyVersion(),
 			"tencentcloud_cynosdb_backup_config":                                                    cynosdb.ResourceTencentCloudCynosdbBackupConfig(),
+			"tencentcloud_cynosdb_ssl":                                                              cynosdb.ResourceTencentCloudCynosdbSsl(),
 			"tencentcloud_vod_adaptive_dynamic_streaming_template":                                  vod.ResourceTencentCloudVodAdaptiveDynamicStreamingTemplate(),
 			"tencentcloud_vod_image_sprite_template":                                                vod.ResourceTencentCloudVodImageSpriteTemplate(),
 			"tencentcloud_vod_procedure_template":                                                   vod.ResourceTencentCloudVodProcedureTemplate(),

tencentcloud/provider.md

@@ -543,6 +543,7 @@ tencentcloud_cynosdb_read_only_instance_exclusive_access
 tencentcloud_cynosdb_proxy_end_point
 tencentcloud_cynosdb_upgrade_proxy_version
 tencentcloud_cynosdb_backup_config
+tencentcloud_cynosdb_ssl
 
 Direct Connect(DC)
 Data Source

tencentcloud/services/cynosdb/resource_tc_cynosdb_ssl.go

@@ -0,0 +1,183 @@
+package cynosdb
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strconv"
+	"strings"
+	"time"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	cynosdb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb/v20190107"
+
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudCynosdbSsl() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCynosdbSslCreate,
+		Read:   resourceTencentCloudCynosdbSslRead,
+		Update: resourceTencentCloudCynosdbSslUpdate,
+		Delete: resourceTencentCloudCynosdbSslDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"cluster_id": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Cluster id.",
+			},
+			"instance_id": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "instance id.",
+			},
+			"status": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Whether to enable SSL. `ON` means enabled, `OFF` means not enabled.",
+			},
+			"download_url": {
+				Computed:    true,
+				Type:        schema.TypeString,
+				Description: "Certificate download address.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCynosdbSslCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_cynosdb_ssl.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	clusterId := d.Get("cluster_id").(string)
+	instanceId := d.Get("instance_id").(string)
+
+	d.SetId(clusterId + tccommon.FILED_SP + instanceId)
+	return resourceTencentCloudCynosdbSslUpdate(d, meta)
+}
+
+func resourceTencentCloudCynosdbSslRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_cynosdb_ssl.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	service := CynosdbService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	clusterId := idSplit[0]
+	instanceId := idSplit[1]
+
+	ssl, err := service.DescribeSSLStatus(ctx, clusterId, instanceId)
+	if err != nil {
+		return err
+	}
+
+	if ssl == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `tencentcloud_cynosdb_ssl` [%s] not found, please check if it has been deleted.",
+			logId, instanceId,
+		)
+		return nil
+	}
+
+	_ = d.Set("cluster_id", clusterId)
+	_ = d.Set("instance_id", instanceId)
+
+	if ssl.IsOpenSSL != nil {
+		if *ssl.IsOpenSSL == "yes" {
+			_ = d.Set("status", "ON")
+		} else {
+			_ = d.Set("status", "OFF")
+		}
+	}
+	if ssl.DownloadUrl != nil {
+		_ = d.Set("download_url", ssl.DownloadUrl)
+	}
+
+	return nil
+}
+
+func resourceTencentCloudCynosdbSslUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_cynosdb_ssl.update")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	clusterId := idSplit[0]
+	instanceId := idSplit[1]
+
+	var taskId *int64
+	if v, ok := d.GetOk("status"); ok {
+		status := v.(string)
+		if status == "ON" {
+			request := cynosdb.NewOpenSSLRequest()
+			request.ClusterId = helper.String(clusterId)
+			request.InstanceId = helper.String(instanceId)
+
+			err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseCynosdbClient().OpenSSL(request)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+				}
+				taskId = result.Response.TaskId
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s update cynosdb ssl failed, reason:%+v", logId, err)
+				return err
+			}
+		} else if status == "OFF" {
+			request := cynosdb.NewCloseSSLRequest()
+			request.ClusterId = helper.String(clusterId)
+			request.InstanceId = helper.String(instanceId)
+
+			err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseCynosdbClient().CloseSSL(request)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+				}
+				taskId = result.Response.TaskId
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s update cynosdb ssl failed, reason:%+v", logId, err)
+				return err
+			}
+		} else {
+			return fmt.Errorf("[CRITAL]%s update cynosdb ssl failed, reason:your status must be ON or OFF!", logId)
+		}
+		service := CynosdbService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+		conf := tccommon.BuildStateChangeConf([]string{}, []string{"success"}, 10*tccommon.ReadRetryTimeout, time.Second, service.taskStateRefreshFunc(strconv.FormatInt(*taskId, 10), []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+	}
+
+	return resourceTencentCloudCynosdbSslRead(d, meta)
+}
+
+func resourceTencentCloudCynosdbSslDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_cynosdb_ssl.delete")()
+
+	return nil
+}

tencentcloud/services/cynosdb/resource_tc_cynosdb_ssl.md

@@ -0,0 +1,19 @@
+Provides a resource to create a cynosdb ssl
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cynosdb_ssl" "cynosdb_ssl" {
+  cluster_id = "cynosdbmysql-1e0nzayx"
+  instance_id = "cynosdbmysql-ins-pfsv6q1e"
+  status = "ON"
+}
+```
+
+Import
+
+cynosdb ssl can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_cynosdb_ssl.cynosdb_ssl ${cluster_id}#${instance_id}
+```

tencentcloud/services/cynosdb/resource_tc_cynosdb_ssl_test.go

@@ -0,0 +1,58 @@
+package cynosdb_test
+
+import (
+	"testing"
+
+	tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccTencentCloudCynosdbSslResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			tcacctest.AccPreCheck(t)
+		},
+		Providers: tcacctest.AccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCynosdbSsl,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tencentcloud_cynosdb_ssl.cynosdb_ssl", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_cynosdb_ssl.cynosdb_ssl", "status", "ON"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cynosdb_ssl.cynosdb_ssl", "download_url"),
+				),
+			},
+			{
+				Config: testAccCynosdbSsl_update,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tencentcloud_cynosdb_ssl.cynosdb_ssl", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_cynosdb_ssl.cynosdb_ssl", "status", "OFF"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cynosdb_ssl.cynosdb_ssl", "download_url"),
+				),
+			},
+			{
+				ResourceName:      "tencentcloud_cynosdb_ssl.cynosdb_ssl",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+const testAccCynosdbSsl = `
+resource "tencentcloud_cynosdb_ssl" "cynosdb_ssl" {
+  cluster_id = "cynosdbmysql-7yr4dde5"
+  instance_id = "cynosdbmysql-ins-4f62d5tq"
+  status = "ON"
+}
+`
+
+const testAccCynosdbSsl_update = `
+resource "tencentcloud_cynosdb_ssl" "cynosdb_ssl" {
+  cluster_id = "cynosdbmysql-7yr4dde5"
+  instance_id = "cynosdbmysql-ins-4f62d5tq"
+  status = "OFF"
+}
+`

tencentcloud/services/cynosdb/service_tencentcloud_cynosdb.go

@@ -2955,3 +2955,57 @@ func (me *CynosdbService) UpgradeClusterVersion(ctx context.Context, clusterId,
 
 	return
 }
+
+func (me *CynosdbService) DescribeSSLStatus(ctx context.Context, clusterId, instanceId string) (ret *cynosdb.DescribeSSLStatusResponseParams, errRet error) {
+	logId := tccommon.GetLogId(ctx)
+
+	request := cynosdb.NewDescribeSSLStatusRequest()
+	request.ClusterId = &clusterId
+	request.InstanceId = &instanceId
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	errRet = resource.Retry(tccommon.WriteRetryTimeout*2, func() *resource.RetryError {
+		ratelimit.Check(request.GetAction())
+		response, err := me.client.UseCynosdbClient().DescribeSSLStatus(request)
+		if err != nil {
+			return tccommon.RetryError(err)
+		}
+		ret = response.Response
+		log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+		return nil
+	})
+	if errRet != nil {
+		return
+	}
+
+	return
+}
+
+func (me *CynosdbService) taskStateRefreshFunc(taskId string, failStates []string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		request := cynosdb.NewDescribeTasksRequest()
+		request.Filters = []*cynosdb.QueryFilter{
+			{
+				ExactMatch: helper.Bool(true),
+				Names:      helper.Strings([]string{"TaskId"}),
+				Values:     helper.Strings([]string{taskId}),
+			},
+		}
+
+		ratelimit.Check(request.GetAction())
+		object, err := me.client.UseCynosdbClient().DescribeTasks(request)
+
+		if err != nil {
+			return nil, "", err
+		}
+		if object == nil || object.Response == nil || len(object.Response.TaskList) == 0 || object.Response.TaskList[0].Status == nil {
+			return nil, "", nil
+		}
+
+		return object, *object.Response.TaskList[0].Status, nil
+	}
+}