From b34adb6558ffe9a3a10dd3d0ac21f1ac91960931 Mon Sep 17 00:00:00 2001
From: Alex Hemard
Date: Tue, 6 Dec 2022 10:29:11 -0600
Subject: [PATCH 1/2] feat(Cloud Databases): remove bluemix-go dependency for allowlist
---
 ibm/flex/structures.go | 38 +--
 .../database/data_source_ibm_database.go | 15 +-
 ibm/service/database/resource_ibm_database.go | 263 ++++--------------
 3 files changed, 68 insertions(+), 248 deletions(-)
diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go
index 0098599c25..4fbcc4e791 100644
--- a/ibm/flex/structures.go
+++ b/ibm/flex/structures.go
@@ -1605,19 +1605,6 @@ func FlattenremoteSubnet(vpn *datatypes.Network_Tunnel_Module_Context) []map[str
 return remoteSubnetMap
 }
-// IBM Cloud Databases
-func ExpandWhitelist(whiteList *schema.Set) (whitelist []icdv4.WhitelistEntry) {
- for _, iface := range whiteList.List() {
- wlItem := iface.(map[string]interface{})
- wlEntry := icdv4.WhitelistEntry{
- Address: wlItem["address"].(string),
- Description: wlItem["description"].(string),
- }
- whitelist = append(whitelist, wlEntry)
- }
- return
-}
-
 // IBM Cloud Databases
 func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.AllowlistEntry) {
 for _, iface := range allowList.List() {
@@ -1631,28 +1618,15 @@ func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.Allowl
 return
 }
-// Cloud Internet Services
-func FlattenWhitelist(whitelist icdv4.Whitelist) []map[string]interface{} {
- entries := make([]map[string]interface{}, len(whitelist.WhitelistEntrys), len(whitelist.WhitelistEntrys))
- for i, whitelistEntry := range whitelist.WhitelistEntrys {
- l := map[string]interface{}{
- "address": whitelistEntry.Address,
- "description": whitelistEntry.Description,
- }
- entries[i] = l
- }
- return entries
-}
-
-// Cloud Internet Services
-func FlattenGetAllowlist(allowlist clouddatabasesv5.GetAllowlistResponse) []map[string]interface{} {
- entries := make([]map[string]interface{}, len(allowlist.IPAddresses), len(allowlist.IPAddresses))
- for i, allowlistEntry := range allowlist.IPAddresses {
- l := map[string]interface{}{
+// IBM Cloud Databases
+func FlattenAllowlist(allowlist []clouddatabasesv5.AllowlistEntry) []map[string]interface{} {
+ entries := make([]map[string]interface{}, 0, len(allowlist))
+ for _, allowlistEntry := range allowlist {
+ ip := map[string]interface{}{
 "address": allowlistEntry.Address,
 "description": allowlistEntry.Description,
 }
- entries[i] = l
+ entries = append(entries, ip)
 }
 return entries
 }
diff --git a/ibm/service/database/data_source_ibm_database.go b/ibm/service/database/data_source_ibm_database.go
index 55d42fcf6a..80eb164c42 100644
--- a/ibm/service/database/data_source_ibm_database.go
+++ b/ibm/service/database/data_source_ibm_database.go
@@ -752,6 +752,11 @@ func dataSourceIBMDatabaseInstanceRead(d *schema.ResourceData, meta interface{})
 return fmt.Errorf("[ERROR] Error getting database client settings: %s", err)
 }
+ cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+ if err != nil {
+ return fmt.Errorf("[ERROR] Error getting database client settings: %s", err)
+ }
+
 icdId := flex.EscapeUrlParm(instance.ID)
 cdb, err := icdClient.Cdbs().GetCdb(icdId)
 if err != nil {
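Review bot: The new exported `FlattenAllowlist` in ibm/flex/structures.go carries only the section label `// IBM Cloud Databases`, which says nothing about its contract. A doc comment in Go form would help, for example `// FlattenAllowlist converts Cloud Databases allowlist entries into the list of address/description maps handed to d.Set.` It is worth stating there that `Address` and `Description` are copied exactly as they sit in the API struct; they appear to be pointer fields, judging by the `core.StringPtr` calls elsewhere in this patch, so a missing description would reach `d.Set` as a nil pointer rather than an empty string.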
@@ -780,13 +785,6 @@ func dataSourceIBMDatabaseInstanceRead(d *schema.ResourceData, meta interface{})
 }
 d.Set("auto_scaling", flattenICDAutoScalingGroup(autoSclaingGroup))
- whitelist, err := icdClient.Whitelists().GetWhitelist(icdId)
- if err != nil {
- return fmt.Errorf("[ERROR] Error getting database whitelist: %s", err)
- }
- d.Set("whitelist", flex.FlattenWhitelist(whitelist))
-
- cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
 alEntry := &clouddatabasesv5.GetAllowlistOptions{
 ID: &instance.ID,
 }
@@ -797,7 +795,8 @@ func dataSourceIBMDatabaseInstanceRead(d *schema.ResourceData, meta interface{})
 return fmt.Errorf("[ERROR] Error getting database allowlist: %s", err)
 }
- d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist))
+ d.Set("allowlist", flex.FlattenAllowlist(allowlist.IPAddresses))
+ d.Set("whitelist", flex.FlattenAllowlist(allowlist.IPAddresses))
 connectionEndpoint := "public"
 if instance.Parameters != nil {
diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go
index 1a98695612..13d4900ae7 100644
--- a/ibm/service/database/resource_ibm_database.go
+++ b/ibm/service/database/resource_ibm_database.go
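Review bot: Both `d.Set("allowlist", …)` and `d.Set("whitelist", …)` in the second hunk of dataSourceIBMDatabaseInstanceRead discard the returned error, so a failed write leaves the recorded IP access list stale with no signal to the caller. Since this list is what an operator reads to see which addresses may reach the database, the error should be returned: `if err := d.Set("allowlist", flex.FlattenAllowlist(allowlist.IPAddresses)); err != nil { return fmt.Errorf("[ERROR] Error setting allowlist: %s", err) }`, and likewise for `whitelist`. The same unchecked `d.Set` calls appear in the resourceIBMDatabaseInstanceRead hunks of both patches. The function body starts and ends outside the hunk.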
@@ -1565,57 +1565,38 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour
 }
 }
- if wl, ok := d.GetOk("whitelist"); ok {
- whitelist := flex.ExpandWhitelist(wl.(*schema.Set))
- for _, wlEntry := range whitelist {
- whitelistReq := icdv4.WhitelistReq{
- WhitelistEntry: icdv4.WhitelistEntry{
- Address: wlEntry.Address,
- Description: wlEntry.Description,
- },
- }
- task, err := icdClient.Whitelists().CreateWhitelist(icdId, whitelistReq)
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error updating database whitelist entry: %s", err))
- }
- _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutCreate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for update of database (%s) whitelist task to complete: %s", icdId, err))
- }
+ _, hasWhitelist := d.GetOk("whitelist")
+ _, hasAllowlist := d.GetOk("allowlist")
+
+ if hasWhitelist || hasAllowlist {
+ var ipAddresses *schema.Set
+ if hasAllowlist {
+ ipAddresses = d.Get("allowlist").(*schema.Set)
+ } else {
+ ipAddresses = d.Get("whitelist").(*schema.Set)
 }
- } else if al, ok := d.GetOk("allowlist"); ok {
- cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err))
+ entries := flex.ExpandAllowlist(ipAddresses)
+
+ setAllowlistOptions := &clouddatabasesv5.SetAllowlistOptions{
+ ID: &instanceID,
+ IPAddresses: entries,
 }
- add := flex.ExpandAllowlist(al.(*schema.Set))
- for _, entry := range add {
- holdEntry := &clouddatabasesv5.AllowlistEntry{
- Address: core.StringPtr(*entry.Address),
- Description: core.StringPtr(*entry.Description),
- }
- alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{
- ID: &instanceID,
- IPAddress: holdEntry,
- }
- addAllowListResponse, _, err := cloudDatabasesClient.AddAllowlistEntry(alEntry)
+ setAllowlistResponse, _, err := cloudDatabasesClient.SetAllowlist(setAllowlistOptions)
+ if err != nil {
+ return diag.FromErr(fmt.Errorf("[ERROR] Error updating database allowlists: %s", err))
+ }
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error updating database allowlist entry: (%s)", err))
- }
+ taskId := *setAllowlistResponse.Task.ID
- taskID := *addAllowListResponse.Task.ID
- _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for update of database (%s) allowlist task to complete: %s", instanceID, err))
- }
+ _, err = waitForDatabaseTaskComplete(taskId, d, meta, d.Timeout(schema.TimeoutCreate))
+ if err != nil {
+ return diag.FromErr(fmt.Errorf(
+ "[ERROR] Error waiting for update of database (%s) allowlist task to complete: %s", instanceID, err))
 }
 }
+
 if cpuRecord, ok := d.GetOk("auto_scaling.0.cpu"); ok {
 params := icdv4.AutoscalingSetGroup{}
 cpuBody, err := expandICDAutoScalingGroup(d, cpuRecord, "cpu")
@@ -1632,8 +1613,8 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour
 return diag.FromErr(fmt.Errorf(
 "[ERROR] Error waiting for database (%s) cpu auto_scaling group update task to complete: %s", icdId, err))
 }
-
 }
+
 if diskRecord, ok := d.GetOk("auto_scaling.0.disk"); ok {
 params := icdv4.AutoscalingSetGroup{}
 diskBody, err := expandICDAutoScalingGroup(d, diskRecord, "disk")
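Review bot: When both `whitelist` and `allowlist` are configured, the first hunk of resourceIBMDatabaseInstanceCreate sends only one of them to `SetAllowlist` and silently ignores the other; this patch prefers `allowlist`, PATCH 2/2 flips the preference to `whitelist`, and the Update hunk makes the same either/or choice. Because the call passes the whole `IPAddresses` list, the ignored attribute's addresses never reach the service even though the configuration declares them. Unless the schema (not visible in this diff) already marks the two attributes as conflicting, reject the combination up front, e.g. `if hasWhitelist && hasAllowlist { return diag.FromErr(fmt.Errorf("[ERROR] whitelist and allowlist cannot both be set")) }`. `cloudDatabasesClient` is used here but declared outside the hunk.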
@@ -1888,14 +1869,10 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource
 }
 d.Set("auto_scaling", flattenICDAutoScalingGroup(autoSclaingGroup))
- if _, ok := d.GetOk("whitelist"); ok {
- whitelist, err := icdClient.Whitelists().GetWhitelist(icdId)
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error getting database whitelist: %s", err))
- }
- d.Set("whitelist", flex.FlattenWhitelist(whitelist))
- } else {
- cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+ _, hasWhitelist := d.GetOk("whitelist")
+ _, hasAllowlist := d.GetOk("allowlist")
+
+ if hasAllowlist || hasWhitelist {
 alEntry := &clouddatabasesv5.GetAllowlistOptions{
 ID: &instanceID,
 }
@@ -1904,7 +1881,11 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource
 if err != nil {
 return diag.FromErr(fmt.Errorf("[ERROR] Error getting database allowlist: %s", err))
 }
- d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist))
+ if hasWhitelist {
+ d.Set("whitelist", flex.FlattenAllowlist(allowlist.IPAddresses))
+ } else if hasAllowlist {
+ d.Set("allowlist", flex.FlattenAllowlist(allowlist.IPAddresses))
+ }
 }
 var connectionStrings []flex.CsEntry
@@ -2242,177 +2223,43 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour
 }
 }
- _, whitelistExists := d.GetOk("whitelist")
+ if d.HasChange("whitelist") || d.HasChange("allowlist") {
+ _, hasAllowlist := d.GetOk("allowlist")
+ _, hasWhitelist := d.GetOk("whitelist")
- if whitelistExists && d.HasChange("whitelist") {
- oldList, newList := d.GetChange("whitelist")
- oldAllowList, newAllowList := d.GetChange("allowlist")
+ var entries interface{}
- if oldList == nil {
- oldList = new(schema.Set)
- }
- if newList == nil {
- newList = new(schema.Set)
+ if hasWhitelist {
+ _, entries = d.GetChange("whitelist")
+ } else if hasAllowlist {
+ _, entries = d.GetChange("allowlist")
 }
- os := oldList.(*schema.Set)
- ns := newList.(*schema.Set)
- osw := oldAllowList.(*schema.Set)
- nsw := newAllowList.(*schema.Set)
-
- // If the whitelist is empty but allowlist is not, that means
- // we are migrating from whitelist to allowlist
- if os.Len() == 0 && osw.Len() > 0 {
- os = osw
- }
- if ns.Len() == 0 && nsw.Len() > 0 {
- ns = nsw
+ if entries == nil {
+ entries = new(schema.Set)
 }
- remove := os.Difference(ns).List()
- add := ns.Difference(os).List()
-
- if len(add) > 0 {
- for _, entry := range add {
- newEntry := entry.(map[string]interface{})
- wlEntry := icdv4.WhitelistEntry{
- Address: newEntry["address"].(string),
- Description: newEntry["description"].(string),
- }
- whitelistReq := icdv4.WhitelistReq{
- WhitelistEntry: wlEntry,
- }
- task, err := icdClient.Whitelists().CreateWhitelist(icdId, whitelistReq)
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error updating database whitelist entry %v : %s", wlEntry.Address, err))
- }
- _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for database (%s) whitelist create task to complete for entry %s : %s", icdId, wlEntry.Address, err))
- }
-
- }
-
+ allowlistEntries := flex.ExpandAllowlist(entries.(*schema.Set))
+ setAllowlistOptions := &clouddatabasesv5.SetAllowlistOptions{
+ ID: &instanceID,
+ IPAddresses: allowlistEntries,
 }
- if len(remove) > 0 {
- for _, entry := range remove {
- newEntry := entry.(map[string]interface{})
- wlEntry := icdv4.WhitelistEntry{
- Address: newEntry["address"].(string),
- Description: newEntry["description"].(string),
- }
- ipAddress := wlEntry.Address
- task, err := icdClient.Whitelists().DeleteWhitelist(icdId, ipAddress)
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error deleting database whitelist entry: %s", err))
- }
- _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for database (%s) whitelist delete task to complete for ipAddress %s : %s", icdId, ipAddress, err))
- }
-
- }
- }
- } else if d.HasChange("allowlist") {
- cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
-
+ setAllowlistResponse, _, err := cloudDatabasesClient.SetAllowlist(setAllowlistOptions)
 if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err))
- }
-
- oldList, newList := d.GetChange("allowlist")
- oldWhiteList, newWhiteList := d.GetChange("whitelist")
-
- if oldList == nil {
- oldList = new(schema.Set)
- }
- if newList == nil {
- newList = new(schema.Set)
+ return diag.FromErr(fmt.Errorf("[ERROR] Error updating database allowlist entry: %s", err))
 }
- // If the allowlist is empty but whitelist is not, that means
- // we are migrating from allowlist to whitelist
- os := oldList.(*schema.Set)
- ns := newList.(*schema.Set)
- osw := oldWhiteList.(*schema.Set)
- nsw := newWhiteList.(*schema.Set)
-
- if os.Len() == 0 && osw.Len() > 0 {
- os = osw
- }
- if ns.Len() == 0 && nsw.Len() > 0 {
- ns = nsw
- }
- remove := os.Difference(ns).List()
- add := ns.Difference(os).List()
-
- if len(add) > 0 {
- for _, entry := range add {
- newEntry := entry.(map[string]interface{})
- holdEntry := &clouddatabasesv5.AllowlistEntry{
- Address: core.StringPtr(newEntry["address"].(string)),
- Description: core.StringPtr(newEntry["description"].(string)),
- }
- alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{
- ID: &instanceID,
- IPAddress: holdEntry,
- }
- addAllowListResponse, response, err := cloudDatabasesClient.AddAllowlistEntry(alEntry)
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error updating database allowlist entry (%s) failed %s\n%s", *addAllowListResponse.Task.Description, err, response))
- }
+ taskId := *setAllowlistResponse.Task.ID
- taskID := *addAllowListResponse.Task.ID
- _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for database (%s) allowlist add task to complete for ipAddress %s : %s", instanceID, *addAllowListResponse.Task.Description, err))
- }
-
- }
-
- }
-
- if len(remove) > 0 {
- for _, entry := range remove {
- newEntry := entry.(map[string]interface{})
- holdEntry := &clouddatabasesv5.AllowlistEntry{
- Address: core.StringPtr(newEntry["address"].(string)),
- Description: core.StringPtr(newEntry["description"].(string)),
- }
- alEntry := &clouddatabasesv5.DeleteAllowlistEntryOptions{
- ID: &instanceID,
- Ipaddress: holdEntry.Address,
- }
-
- deleteAllowListResponse, response, err := cloudDatabasesClient.DeleteAllowlistEntry(alEntry)
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] DeleteAllowlistEntry (%s) failed %s\n%s", *deleteAllowListResponse.Task.Description, err, response))
- }
-
- taskID := *deleteAllowListResponse.Task.ID
- _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
- if err != nil {
- return diag.FromErr(fmt.Errorf(
- "[ERROR] Error waiting for database (%s) allowlist delete task to complete for ipAddress %s : %s", instanceID, *deleteAllowListResponse.Task.Description, err))
- }
-
- }
+ _, err = waitForDatabaseTaskComplete(taskId, d, meta, d.Timeout(schema.TimeoutCreate))
+ if err != nil {
+ return diag.FromErr(fmt.Errorf(
+ "[ERROR] Error waiting for update of database (%s) whitelist task to complete: %s", instanceID, err))
 }
 }
 if d.HasChange("users") {
- cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
-
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err))
- }
-
 oldUsers, newUsers := d.GetChange("users")
 userChanges := make(map[string]*userChange)
 userKey := func(raw map[string]interface{}) string {
From 2f461fe2a0eb956af763d265f898a402c2c933ea Mon Sep 17 00:00:00 2001
From: Alex Hemard
Date: Tue, 6 Dec 2022 12:55:34 -0600
Subject: [PATCH 2/2] tweaks
---
 ibm/flex/structures.go | 15 ++++----
 ibm/service/database/resource_ibm_database.go | 34 +++++++++----------
 2 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go
index 4fbcc4e791..e47fd4b1f8 100644
--- a/ibm/flex/structures.go
+++ b/ibm/flex/structures.go
@@ -1606,14 +1606,15 @@ func FlattenremoteSubnet(vpn *datatypes.Network_Tunnel_Module_Context) []map[str
 }
 // IBM Cloud Databases
-func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.AllowlistEntry) {
+func ExpandAllowlist(allowList *schema.Set) (entries []clouddatabasesv5.AllowlistEntry) {
+ entries = make([]clouddatabasesv5.AllowlistEntry, 0, len(allowList.List()))
 for _, iface := range allowList.List() {
 alItem := iface.(map[string]interface{})
 alEntry := &clouddatabasesv5.AllowlistEntry{
 Address: core.StringPtr(alItem["address"].(string)),
 Description: core.StringPtr(alItem["description"].(string)),
 }
- allowlist = append(allowlist, *alEntry)
+ entries = append(entries, *alEntry)
 }
 return
 }
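Review bot: The wait in the resourceIBMDatabaseInstanceUpdate hunk of PATCH 1/2 uses `d.Timeout(schema.TimeoutCreate)`, whereas the removed update code waited with `schema.TimeoutUpdate`; the line should read `_, err = waitForDatabaseTaskComplete(taskId, d, meta, d.Timeout(schema.TimeoutUpdate))`. The error text on the following lines still says `whitelist task` although the call now serves both attributes. `*setAllowlistResponse.Task.ID` is also dereferenced with no nil check on `Task` (the Create hunk does the same), so a response without a task would panic the provider instead of returning a diagnostic. The function starts and ends outside the hunk.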
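Review bot: `len(allowList.List())` in the new preallocation of ExpandAllowlist (PATCH 2/2) materialises the whole element list only to measure it, and the loop header then calls `List()` a second time. `entries = make([]clouddatabasesv5.AllowlistEntry, 0, allowList.Len())` gives the same capacity without the extra call. The naked `return` on the named result could also become `return entries` so the returned value is visible at the return site.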
@@ -1621,12 +1622,12 @@ func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.Allowl
 // IBM Cloud Databases
 func FlattenAllowlist(allowlist []clouddatabasesv5.AllowlistEntry) []map[string]interface{} {
 entries := make([]map[string]interface{}, 0, len(allowlist))
- for _, allowlistEntry := range allowlist {
- ip := map[string]interface{}{
- "address": allowlistEntry.Address,
- "description": allowlistEntry.Description,
+ for _, ip := range allowlist {
+ entry := map[string]interface{}{
+ "address": ip.Address,
+ "description": ip.Description,
 }
- entries = append(entries, ip)
+ entries = append(entries, entry)
 }
 return entries
 }
diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go
index 13d4900ae7..3d29d613e8 100644
--- a/ibm/service/database/resource_ibm_database.go
+++ b/ibm/service/database/resource_ibm_database.go
@@ -1570,10 +1570,10 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour
 if hasWhitelist || hasAllowlist {
 var ipAddresses *schema.Set
- if hasAllowlist {
- ipAddresses = d.Get("allowlist").(*schema.Set)
- } else {
+ if hasWhitelist {
 ipAddresses = d.Get("whitelist").(*schema.Set)
+ } else {
+ ipAddresses = d.Get("allowlist").(*schema.Set)
 }
 entries := flex.ExpandAllowlist(ipAddresses)
@@ -1870,22 +1870,21 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource
 d.Set("auto_scaling", flattenICDAutoScalingGroup(autoSclaingGroup))
 _, hasWhitelist := d.GetOk("whitelist")
- _, hasAllowlist := d.GetOk("allowlist")
- if hasAllowlist || hasWhitelist {
- alEntry := &clouddatabasesv5.GetAllowlistOptions{
- ID: &instanceID,
- }
+ alEntry := &clouddatabasesv5.GetAllowlistOptions{
+ ID: &instanceID,
+ }
- allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry)
- if err != nil {
- return diag.FromErr(fmt.Errorf("[ERROR] Error getting database allowlist: %s", err))
- }
- if hasWhitelist {
- d.Set("whitelist", flex.FlattenAllowlist(allowlist.IPAddresses))
- } else if hasAllowlist {
- d.Set("allowlist", flex.FlattenAllowlist(allowlist.IPAddresses))
- }
+ allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry)
+
+ if err != nil {
+ return diag.FromErr(fmt.Errorf("[ERROR] Error getting database allowlist: %s", err))
+ }
+
+ if hasWhitelist {
+ d.Set("whitelist", flex.FlattenAllowlist(allowlist.IPAddresses))
+ } else {
+ d.Set("allowlist", flex.FlattenAllowlist(allowlist.IPAddresses))
 }
 var connectionStrings []flex.CsEntry
@@ -2240,6 +2239,7 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour
 }
 allowlistEntries := flex.ExpandAllowlist(entries.(*schema.Set))
+
 setAllowlistOptions := &clouddatabasesv5.SetAllowlistOptions{
 ID: &instanceID,
 IPAddresses: allowlistEntries,