feat(cdb): [117461373]support mysql ssl (#2687)

* feat(cdb): [117461373]support mysql ssl

* feat(cdb): [117461373]support mysql ssl

* feat: add changelog

Author: gitmkn

.changelog/2687.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_mysql_ssl
+```

go.mod

@@ -35,7 +35,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.760
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cat v1.0.825
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.591
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.800
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.944
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.539
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdwch v1.0.843
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.627

go.sum

@@ -838,6 +838,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.591 h1:TPGLjH6
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.591/go.mod h1:nCAGfVTXZkVnurkbjF3b0FM6RwGztE9t8D9Ms1unaKo=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.800 h1:VnnmCIaAXU7t0uwNtaLs990V7+V7/7viMpOytOT6GOE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.800/go.mod h1:8wiecMvcwN6785rTWLJmdm/Y7u1DjFmqI/iqiWwpm5o=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.944 h1:+PGoNHlZE/WY6KWWNOByL0sYVv1ZJtSx7yXMUJNYV1Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.944/go.mod h1:+VHcZ4Cnzpt6vtCvNROz8xWfNWUkoAZ9UPSonbA3NWM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdc v1.0.967 h1:+05iVbm200Dh1td+apCB/aX2w97TvmcSlpECkaL53Bw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdc v1.0.967/go.mod h1:JzIWhJtlitR2S92TMXikPAOQlC8smQrMbU2Y8NBzRk8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdc v1.0.970 h1:0A6PwOaUeLtm4U5TR1uD91ETBgDcnfqFnsG9mwCNvlY=
@@ -947,6 +949,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.920/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.921/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.932 h1:MB1+Ll6JxWTpZw/v0dMRvMEJhlcDKxK/JMQ8O5owRVc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.932/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.944 h1:O3AcToplHDczOWzJgpqhkBYJH7f6TyAwTSy1b8yao4o=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.944/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.947 h1:obeD8UftWQ6XO1OlQQYMAJ2r6tqKPTQ/+8IrZAE0BMs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.947/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.949/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=

tencentcloud/provider.go

@@ -1266,6 +1266,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_mysql_ro_start_replication":                          cdb.ResourceTencentCloudMysqlRoStartReplication(),
 			"tencentcloud_mysql_ro_stop_replication":                           cdb.ResourceTencentCloudMysqlRoStopReplication(),
 			"tencentcloud_mysql_switch_proxy":                                  cdb.ResourceTencentCloudMysqlSwitchProxy(),
+			"tencentcloud_mysql_ssl":                                           cdb.ResourceTencentCloudMysqlSsl(),
 			"tencentcloud_cos_bucket":                                          cos.ResourceTencentCloudCosBucket(),
 			"tencentcloud_cos_bucket_object":                                   cos.ResourceTencentCloudCosBucketObject(),
 			"tencentcloud_cos_bucket_referer":                                  cos.ResourceTencentCloudCosBucketReferer(),

tencentcloud/provider.md

@@ -784,6 +784,7 @@ TencentDB for MySQL(cdb)
     tencentcloud_mysql_ro_stop_replication
     tencentcloud_mysql_isolate_instance
     tencentcloud_mysql_dr_instance
+    tencentcloud_mysql_ssl
 
 Cloud Monitor(Monitor)
   Data Source

tencentcloud/services/cdb/resource_tc_mysql_ssl.go

@@ -0,0 +1,181 @@
+package cdb
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	mysql "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb/v20170320"
+
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudMysqlSsl() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudMysqlSslCreate,
+		Read:   resourceTencentCloudMysqlSslRead,
+		Update: resourceTencentCloudMysqlSslUpdate,
+		Delete: resourceTencentCloudMysqlSslDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"instance_id": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Instance ID. Example value: cdb-c1nl9rpv.",
+			},
+
+			"status": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Whether to enable SSL. `ON` means enabled, `OFF` means not enabled.",
+			},
+
+			"url": {
+				Computed:    true,
+				Type:        schema.TypeString,
+				Description: "The certificate download link. Example value: http://testdownload.url.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudMysqlSslCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_mysql_ssl.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	d.SetId(d.Get("instance_id").(string))
+
+	return resourceTencentCloudMysqlSslUpdate(d, meta)
+}
+
+func resourceTencentCloudMysqlSslRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_mysql_ssl.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	service := MysqlService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	instanceId := d.Id()
+
+	ssl, err := service.DescribeMysqlSslById(ctx, instanceId)
+	if err != nil {
+		return err
+	}
+
+	if ssl == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `tencentcloud_mysql_ssl` [%s] not found, please check if it has been deleted.",
+			logId, instanceId,
+		)
+		return nil
+	}
+
+	_ = d.Set("instance_id", instanceId)
+
+	if ssl.Status != nil {
+		_ = d.Set("status", ssl.Status)
+	}
+
+	if ssl.Url != nil {
+		_ = d.Set("url", ssl.Url)
+	}
+
+	return nil
+}
+
+func resourceTencentCloudMysqlSslUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_mysql_ssl.update")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	instanceId := d.Id()
+
+	status := ""
+	if v, ok := d.GetOk("status"); ok {
+		status = v.(string)
+		if status == "ON" {
+			request := mysql.NewOpenSSLRequest()
+			request.InstanceId = helper.String(instanceId)
+
+			err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseMysqlClient().OpenSSL(request)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+				}
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s update mysql ssl failed, reason:%+v", logId, err)
+				return err
+			}
+		} else if status == "OFF" {
+			request := mysql.NewCloseSSLRequest()
+			request.InstanceId = helper.String(instanceId)
+
+			err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseMysqlClient().CloseSSL(request)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+				}
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s update mysql ssl failed, reason:%+v", logId, err)
+				return err
+			}
+		} else {
+			return fmt.Errorf("[CRITAL]%s update mysql ssl failed, reason:your status must be ON or OFF!", logId)
+		}
+
+		if status != "" {
+			service := MysqlService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+			err := resource.Retry(7*tccommon.ReadRetryTimeout, func() *resource.RetryError {
+				ssl, err := service.DescribeMysqlSslById(ctx, instanceId)
+				if err != nil {
+					return resource.NonRetryableError(err)
+				}
+				if ssl == nil {
+					err = fmt.Errorf("mysqlid %s instance ssl not exists", instanceId)
+					return resource.NonRetryableError(err)
+				}
+				if *ssl.Status != status {
+					return resource.RetryableError(fmt.Errorf("mysql ssl status is (%v)", *ssl.Status))
+				}
+				if *ssl.Status == status {
+					return nil
+				}
+				err = fmt.Errorf("mysql ssl status is %v,we won't wait for it finish", *ssl.Status)
+				return resource.NonRetryableError(err)
+			})
+
+			if err != nil {
+				log.Printf("[CRITAL]%s mysql switchForUpgrade fail, reason:%s\n ", logId, err.Error())
+				return err
+			}
+		}
+	}
+
+	return resourceTencentCloudMysqlSslRead(d, meta)
+}
+
+func resourceTencentCloudMysqlSslDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_mysql_ssl.delete")()
+
+	return nil
+}

tencentcloud/services/cdb/resource_tc_mysql_ssl.md

@@ -0,0 +1,18 @@
+Provides a resource to create a mysql ssl
+
+Example Usage
+
+```hcl
+resource "tencentcloud_mysql_ssl" "ssl" {
+  instance_id = "cdb-j5rprr8n"
+  status      = "OFF"
+}
+```
+
+Import
+
+mysql ssl can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_mysql_ssl.ssl instanceId
+```

tencentcloud/services/cdb/resource_tc_mysql_ssl_test.go

@@ -0,0 +1,60 @@
+package cdb_test
+
+import (
+	"testing"
+
+	tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccTencentCloudMysqlSslResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			tcacctest.AccPreCheck(t)
+		},
+		Providers: tcacctest.AccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMysqlSsl,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tencentcloud_mysql_ssl.ssl", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_mysql_ssl.ssl", "status", "ON"),
+					resource.TestCheckResourceAttrSet("tencentcloud_mysql_ssl.ssl", "url"),
+				),
+			},
+			{
+				ResourceName:      "tencentcloud_mysql_ssl.ssl",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccMysqlSslUp,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tencentcloud_mysql_ssl.ssl", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_mysql_ssl.ssl", "status", "OFF"),
+					resource.TestCheckResourceAttrSet("tencentcloud_mysql_ssl.ssl", "url"),
+				),
+			},
+		},
+	})
+}
+
+const testAccMysqlSsl = testAccMysql + `
+
+resource "tencentcloud_mysql_ssl" "ssl" {
+  instance_id = tencentcloud_mysql_instance.mysql.id
+  status      = "ON"
+}
+
+`
+
+const testAccMysqlSslUp = testAccMysql + `
+
+resource "tencentcloud_mysql_ssl" "ssl" {
+  instance_id = tencentcloud_mysql_instance.mysql.id
+  status      = "OFF"
+}
+
+`

tencentcloud/services/cdb/service_tencentcloud_mysql.go

@@ -1441,6 +1441,31 @@ func (me *MysqlService) DescribeMysqlTimeWindowById(ctx context.Context, instanc
 	return
 }
 
+func (me *MysqlService) DescribeMysqlSslById(ctx context.Context, instanceId string) (ssl *cdb.DescribeSSLStatusResponseParams, errRet error) {
+	logId := tccommon.GetLogId(ctx)
+
+	request := cdb.NewDescribeSSLStatusRequest()
+	request.InstanceId = &instanceId
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseMysqlClient().DescribeSSLStatus(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	ssl = response.Response
+	return
+}
+
 func (me *MysqlService) DeleteMysqlTimeWindowById(ctx context.Context, instanceId string) (errRet error) {
 	logId := tccommon.GetLogId(ctx)